PatchSiren cyber security CVE debrief
CVE-2024-4885 Progress CVE debrief
CVE-2024-4885 is a path traversal vulnerability in Progress WhatsUp Gold that CISA added to the Known Exploited Vulnerabilities catalog on 2025-03-03. Because it is already tracked as known exploited, organizations should treat it as an urgent remediation item and follow vendor guidance without delay.
- Vendor: Progress
- Product: WhatsUp Gold
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2025-03-03
- Original CVE updated: 2025-03-03
- Advisory published: 2025-03-03
- Advisory updated: 2025-03-03
Who should care
Security and platform teams responsible for Progress WhatsUp Gold, especially administrators managing externally reachable or business-critical deployments. Incident responders and vulnerability management teams should also prioritize this CVE because it is in CISA’s KEV catalog.
Technical summary
The supplied corpus identifies CVE-2024-4885 as a path traversal issue affecting Progress WhatsUp Gold. The official sources in this corpus provide no technical detail beyond the vulnerability class, the product, and the fact that CISA lists it as known exploited. CISA’s guidance for this KEV entry is to apply vendor mitigations, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Defensive priority
Urgent. This is a KEV-listed vulnerability with a CISA due date of 2025-03-24, so remediation should be prioritized immediately over routine maintenance work.
Recommended defensive actions
- Review Progress’s official WhatsUp Gold security bulletin and apply the vendor-recommended mitigations or update as directed.
- If your deployment runs in a cloud service context, follow applicable CISA BOD 22-01 guidance.
- If mitigations are not available or cannot be applied safely, discontinue use of the affected product per CISA guidance.
- Inventory all WhatsUp Gold instances and confirm remediation status before the CISA due date.
- Validate exposure reduction after remediation and monitor for any abnormal access patterns around file or path handling.
- Track this CVE in vulnerability management and exception workflows until remediation is complete.
Evidence notes
This debrief is based only on the supplied official sources: the CISA KEV catalog entry, the CVE record, and the NVD detail page. The corpus confirms the CVE, product, vulnerability class, KEV status, date added, due date, and CISA’s required action text. It does not supply exploit details, CVSS scoring, or broader impact characterization, so none are asserted here. Known ransomware campaign use is listed as Unknown in the provided metadata.
Official resources
- CVE-2024-4885 CVE record (CVE.org)
- CVE-2024-4885 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Source item URL (cisa_kev)
CISA added CVE-2024-4885 to the Known Exploited Vulnerabilities catalog on 2025-03-03, with a remediation due date of 2025-03-24. No additional disclosure timeline details are provided in the supplied corpus beyond the official references.