ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.
Security readout for executives and security teams
Plain-English summary
ACL Analytics 11.x through 13.0.0.579 is reported to allow arbitrary code execution. In business terms, a successful attack could let an attacker take full control of systems running the affected software. The public bundle includes exploit material, but does not show confirmed active exploitation.
Executive priority
Treat this as urgent for any organization using affected ACL Analytics versions. The risk is full system compromise, but urgency depends on whether the product is present and reachable in your environment.
Technical view
The CVE describes CWE-94 code injection in ACL Analytics, where the EXECUTE function can be abused to run arbitrary commands with system privileges. The CVSS 3.1 score is 9.8 with network attack vector, low complexity, no privileges, and no user interaction.
Likely exposure
Exposure is limited to environments running ACL Analytics versions 11.x through 13.0.0.579. The bundle does not identify affected CPEs, deployment patterns, or a vendor-fixed version.
Exploitation context
A public ExploitDB reference is listed, so proof-of-concept material appears publicly available. The source bundle marks KEV as false and provides no cited evidence of active exploitation in the wild.
Researcher notes
Evidence is sufficient for affected-version triage and risk rating, but incomplete for patch status and live exploitation. Avoid assuming broader product impact beyond ACL Analytics 11.x through 13.0.0.579.
Mitigation direction
Inventory ACL Analytics installations and confirm exact versions.
Check vendor guidance for fixed versions or supported mitigations.
Prioritize upgrade or removal of affected versions where possible.
Restrict network access to systems running ACL Analytics.
Monitor affected hosts for suspicious script or command execution.
Validation and detection
Confirm whether ACL Analytics is installed in the environment.
Verify installed versions against 11.x through 13.0.0.579.
Review vendor advisories for current remediation status.
Check endpoint telemetry for unexpected child processes from ACL Analytics.
Validate compensating controls around access and execution monitoring.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-94: Code execution behavior lookup
Code execution and unsafe deserialization weaknesses often justify reviewing execution behavior and process telemetry. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
2CVSS vectors
3Timeline events
1ADP providers
5Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: pocAutomatable: yesTechnical Impact: total
CVSS vector scores
2 official scores
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.