https://www.bleepingcomputer.com/news/security/critical-php-rce-vulnerability-mass-exploited-in-new-attacks

A critical PHP remote code execution vulnerability, CVE-2024-4577, is being actively exploited in widespread attacks targeting Windows systems globally.

The vulnerability, patched in June 2024, allows unauthenticated attackers to execute arbitrary code, leading to complete system compromise.

While initial reports indicated targeted attacks against Japanese organizations, new data reveals a significant increase in exploitation attempts worldwide, including in the United States, Singapore, Germany, and China.

Threat intelligence firm GreyNoise reports a surge in exploitation attempts since January 2025, with numerous exploits available online.

The attacks involve attempts to steal credentials, establish persistence, elevate privileges, and deploy adversarial tools. The vulnerability has also previously been exploited by ransomware groups and used to deploy new malware.