Campaign of the month

Learn about the latest cyber attacks and vulnerabilities in our monthly Campaigns.

D-Tale chart filter vulnerability opens door to remote code execution 

This month’s campaign features a spotlight on CVE-2024-45595, a critical eval injection flaw in D-Tale.  

Access the full spotlight below.

What is D-Tale? 

D-Tale is a free, open source tool built with Python that provides a web interface for exploring and visualizing pandas DataFrames. It lets data scientists and analysts inspect, filter, and chart data from a web browser, and it is often used in Jupyter or research environments. Its Python integration and user-friendly design have made it popular in academic labs, machine learning projects, and internal analytics platforms.

Overview of CVE-2024-45595 

The CVE-2024-45595 vulnerability in D-Tale is a serious security issue in the application’s chart filtering system. The custom_filters parameter, intended for dynamic data filtering, is passed to Python’s eval() function without proper checks or safeguards.

This mistake enables attackers to execute malicious Python code within the application through a standard interface. Anyone who exploits this vulnerability can execute code remotely on the system that runs D-Tale. How much control they gain depends on how the environment is set up; in many cases, this could mean full administrative access, file theft, or further attacks on connected systems.

Attack flow 

The attack unfolds in three distinct stages.

[Figure: attack flow of CVE-2024-45595 in D-Tale]
  • Initial entry point: Access to the D-Tale interface, which may be exposed internally or, in some cases, publicly without authentication. 
  • Exploitation technique: Injection of crafted Python expressions into the chart query interface, triggering backend execution through eval(). 
  • Impact: Execution of arbitrary system-level commands, leading to data exposure, privilege escalation, or infrastructure compromise. 

This vulnerability underscores the broader risk of using unsanitized dynamic evaluation in user-facing features. Recognizing the severity of CVE-2024-45595 is essential for both development and security teams.
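Added example, not D-Tale's own code: the kind of hardening a defender would apply to an eval()-based filter such as custom_filters. User input is parsed with the ast module and checked against an allow-list (comparisons, boolean logic, arithmetic, literals and known column names only), so calls, attribute access and unknown names are rejected before anything runs, and the validated tree is then evaluated with builtins disabled. The function names, the UnsafeFilter class and the sample rows are assumptions for illustration.

```python
import ast

# Node types a filter may contain: boolean logic, comparisons, arithmetic,
# literals, column names, list/tuple literals and unary not / minus.
_ALLOWED_NODES = (
    ast.Expression, ast.BoolOp, ast.And, ast.Or, ast.UnaryOp, ast.Not,
    ast.USub, ast.Compare, ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt,
    ast.GtE, ast.In, ast.NotIn, ast.BinOp, ast.Add, ast.Sub, ast.Mult,
    ast.Div, ast.Mod, ast.Constant, ast.Name, ast.Load, ast.List, ast.Tuple,
)
_ALLOWED_LITERALS = (int, float, str, bool, type(None))

class UnsafeFilter(ValueError):
    """Filter expression contains syntax or names outside the allow-list."""

def validate_filter(expr: str, columns) -> ast.Expression:
    """Parse expr in eval mode and check every node against the allow-list.
    Calls, attribute access, subscripts, lambdas and any name that is not a
    known column (builtins, dunder helpers, modules) are rejected before
    anything is evaluated."""
    tree = ast.parse(expr, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED_NODES):
            raise UnsafeFilter(f"disallowed syntax: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id not in columns:
            raise UnsafeFilter(f"unknown column: {node.id}")
        if isinstance(node, ast.Constant) and not isinstance(node.value, _ALLOWED_LITERALS):
            raise UnsafeFilter("unsupported literal")
    return tree

def is_safe(expr: str, columns) -> bool:
    """True if expr passes validation; False on rejection or syntax error."""
    try:
        validate_filter(expr, columns)
        return True
    except (UnsafeFilter, SyntaxError):
        return False

def apply_filter(rows, expr: str):
    """Return the rows (dicts keyed by column name) for which expr is true.
    Only the validated tree is compiled; it runs with builtins disabled and
    the current row as the sole namespace it can see."""
    columns = set(rows[0]) if rows else set()
    code = compile(validate_filter(expr, columns), "<filter>", "eval")
    return [r for r in rows if eval(code, {"__builtins__": {}}, dict(r))]

# Constructed sample data standing in for a DataFrame (hypothetical values)
ROWS = [{"age": 25, "city": "Oslo"}, {"age": 41, "city": "Lima"},
        {"age": 33, "city": "Oslo"}]
```

A library-level fix would typically replace eval() with a dedicated query engine or a parser like this one; the allow-list approach shown here is the general pattern and is not specific to any D-Tale release.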

What you’ll learn in this spotlight 

Access the free spotlight below and dive deeper into this critical D-Tale vulnerability.  

  • Explore the anatomy of the attack chain 
  • Understand the details of the exploitation process 
  • Learn everything you need to know about evasion techniques, defense, and mitigation