Overview
- Sysdig logged the first real-world use of the flaw 9 hours and 41 minutes after Wednesday's public advisory, with credential theft completed in minutes.
- The vulnerability sits in Marimo, an open-source Python notebook, where the /terminal/ws WebSocket skips authentication and grants a full system shell.
- On a Sysdig honeypot, the intruder opened the unauthenticated terminal, probed files, and tried to read .env credentials and SSH keys, with no miners or backdoors installed.
- Investigators traced actual exploitation to one IP address, while about 125 other addresses conducted scanning and HTTP probing for exposed instances.
- All releases through 0.20.4 are vulnerable, so users should upgrade to 0.23.0, limit internet access to notebook terminal endpoints, and monitor for unusual WebSocket connections.
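An added detection example, not code from the Sysdig report or the Marimo project: it flags completed WebSocket upgrades to /terminal/ws in constructed reverse-proxy access logs and checks a version string against the 0.20.4 cutoff. The log format, the RFC 1918 ranges treated as "internal", and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from typing import List, Tuple

# Per the advisory summary: releases through 0.20.4 are affected, 0.23.0 fixes it.
LAST_VULNERABLE = (0, 20, 4)

# Assumption: RFC 1918 ranges are the trusted internal network; anything else is external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log format (not Marimo's own): <ip> "<METHOD> <path> HTTP/x" <status> "<Upgrade header>"
LOG_RE = re.compile(r'^(\S+) "(\S+) (\S+) HTTP/[\d.]+" (\d{3}) "([^"]*)"$')

# Constructed sample lines from a reverse proxy in front of a notebook server.
SAMPLE_LOGS = [
    '10.0.0.12 "GET /ws?session_id=abc HTTP/1.1" 101 "websocket"',  # ordinary notebook socket
    '203.0.113.7 "GET /terminal/ws HTTP/1.1" 101 "websocket"',       # terminal shell, external client
    '198.51.100.3 "GET / HTTP/1.1" 200 "-"',                          # plain HTTP probe
    '192.168.1.20 "GET /terminal/ws HTTP/1.1" 101 "websocket"',       # terminal shell, internal client
]


def is_vulnerable_version(version: str) -> bool:
    """True for any release up to and including 0.20.4."""
    parsed: Tuple[int, ...] = tuple(int(x) for x in version.split("."))
    return parsed <= LAST_VULNERABLE


def flag_terminal_websockets(lines: List[str]) -> List[dict]:
    """Report completed (HTTP 101) WebSocket upgrades to /terminal/ws.

    Every hit deserves review because the endpoint hands out a system shell;
    hits from outside the internal ranges are marked high severity.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        ip, _method, path, status, upgrade = m.groups()
        if path.split("?", 1)[0] != "/terminal/ws":
            continue
        if status != "101" or upgrade.lower() != "websocket":
            continue  # upgrade not completed (e.g. blocked or rejected)
        addr = ipaddress.ip_address(ip)
        internal = any(addr in net for net in INTERNAL_NETS)
        findings.append({"ip": ip, "severity": "medium" if internal else "high"})
    return findings
```

Running `flag_terminal_websockets(SAMPLE_LOGS)` yields two findings: a high-severity one for 203.0.113.7 and a medium-severity one for 192.168.1.20, while the ordinary notebook socket and the plain HTTP probe are ignored.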