CVE-2024-55075

low-risk

Published 2025-01-06

Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Grocy

Affected Vendors

Grocy Project

References (1)

Exploit https://m10x.de/posts/2024/11/all-your-recipe-are-belong-to-us-part-1/3-stored-x...

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal