#VU110091 Use of a broken or risky cryptographic algorithm in Beego - CVE-2024-55885

Cybersecurity Help s.r.o.

Published: 2025-06-03

Vulnerability identifier: #VU110091

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-55885

CWE-ID: CWE-327

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Beego
Web applications / Modules and components for CMS

Vendor: beego Framework

Description

The vulnerability allows a remote attacker to modify data on the system.

The vulnerability exists due to beego use MD5 as a hashing algorithm and MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. A remote attacker can gain unauthorized access to modify data on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Beego: 0.6.0 - 2.3.3

External links
https://github.com/beego/beego/commit/e7fa4835f71f47ab1d13afd638cebf661800d5a4
https://github.com/beego/beego/security/advisories/GHSA-9j3m-fr7q-jxfw

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Fusion

Use of a broken or risky cryptographic algorithm in beego