Vulnerability Description
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling attackers to run unauthorized commands in the context of the user running the application.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://github.com/schrodinger/pymol-open-source/issues/405
- https://github.com/yamerooo123/CVE/blob/main/CVE-2024-50636/Description.md
- https://youtu.be/SWnN_a1tUNc
FAQ
What is CVE-2024-50636?
CVE-2024-50636 is a vulnerability with a CVSS score of 9.8 (CRITICAL). PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing ...
How severe is CVE-2024-50636?
CVE-2024-50636 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-50636?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.