๐Ÿ” CVE Alert

CVE-2024-32113

CRITICAL 9.1 ⚠️ CISA KEV

Apache OFBiz: Path traversal leading to RCE

CVSS Score: 9.1
EPSS Score: 0.0%
EPSS Percentile: 0th

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.

CWE: CWE-22
Vendor: Apache Software Foundation
Product: Apache OFBiz
Published: May 8, 2024
Last Updated: Oct 21, 2025
⚠️ Actively Exploited: Act Now


Affected Versions

Apache Software Foundation / Apache OFBiz
0 < 18.12.13

References

ofbiz.apache.org: https://ofbiz.apache.org/download.html
ofbiz.apache.org: https://ofbiz.apache.org/security.html
issues.apache.org: https://issues.apache.org/jira/browse/OFBIZ-13006
lists.apache.org: https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd
openwall.com: http://www.openwall.com/lists/oss-security/2024/05/09/1
cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-32113

Credits

Qiyi Zhang (RacerZ) @secsys from Fudan