Remote Code Execution Risk in Radware Cloud Web Application Firewall
CVE-2024-56523

9.1 CRITICAL

Key Information:

Vendor: Radware
CVE Published: 12 May 2025

What is CVE-2024-56523?

The Radware Cloud Web Application Firewall (WAF) prior to May 7, 2025, is affected by a serious vulnerability that allows remote attackers to bypass its security filters. An attacker exploits the weakness by sending specially crafted HTTP GET requests with random data placed in the request body, which can result in unauthorized access to, or manipulation of, web applications protected by the firewall. This vulnerability highlights the importance of keeping security controls up to date and staying aware of potential exploit vectors.

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
