Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
Conclusion & alert: CVE-2024-45195 is rated Critical Active Threat (95/100): CVSS High severity, with high exploitation likelihood (EPSS 99.98%, 100th percentile). Core evidence: CISA KEV confirms active exploitation (added 2025-02-04) affecting Apache / OFBiz. a weakness (CWE-425) Unauthenticated remote administrative access may be possible. EPSS rose +5.84% over the last day, indicating growing attacker interest. Mandatory action: The CISA remediation deadline has passed—treat as an emergency patch priority.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
: Apache OFBiz Forced Browsing Vulnerability · CISA KEV detail
: 2025-02-04
: 2025-02-25
: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 94.15% | 99.98% | +5.84% |
| 2 | 2025-11-21 | 94.04% | 94.15% | +0.11% |
| 3 | 2025-11-18 | — | 94.04% | — |
Full EPSS history (16 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.5 | 3.1 | HIGH |
|
3.9 | 3.6 | [email protected] |
| 9.8 | 3.1 | CRITICAL |
|
3.9 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| URL | Tags |
|---|---|
| https://issues.apache.org/jira/browse/OFBIZ-13130 | Issue Tracking Vendor Advisory |
| https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy | Vendor Advisory |
| https://ofbiz.apache.org/download.html | Product |
| https://ofbiz.apache.org/security.html | Vendor Advisory |
| http://www.openwall.com/lists/oss-security/2024/09/03/6 | Mailing List |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-45195 | Third Party Advisory US Government Resource |