Unrated severityNVD Advisory· Published Dec 1, 2025· Updated Dec 1, 2025

CVE-2024-39148

Description

The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall.

Affected products

Kerberos Agent/Kerberosinferred
Range: <5.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

keros.docs.kerlink.com/security/security_advisories_kerOS5mitre
www.bdosecurity.de/en-gb/advisories/cve-2024-39148mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000