Impact
The vulnerability is an arbitrary file write triggered when an authenticated user supplies a crafted expression to the Sed Plugin in Rapid7 InsightConnect. Because the path carried in the expression parameter is not validated, an attacker can make the plugin create or overwrite files anywhere on the file system that the plugin process can write to. Writing attacker-controlled content can be leveraged to replace critical binaries, inject malicious scripts, or modify configuration files, potentially leading to privilege escalation or remote code execution.
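The root cause described above is a destination path that is accepted without validation. The following is an added illustration of the check a plugin developer would apply before writing any caller-supplied path; it is not the Sed Plugin's own code, and the helper names (`confine_path`, `write_plugin_output`) and the sample paths are assumptions constructed for the example. It canonicalises the path and rejects absolute paths, `..` traversal and symlink escapes so that writes stay inside one permitted directory.

```python
import os
import tempfile


class UnsafePathError(ValueError):
    """Raised when a caller-supplied path would escape the permitted directory."""


def confine_path(base_dir: str, user_path: str) -> str:
    """Return the canonical path of user_path inside base_dir, or raise.

    Absolute paths are refused outright.  Everything else is joined to the
    canonical base directory and resolved with realpath, which also follows
    symlinks, so a link planted inside base_dir cannot redirect the write.
    """
    if not user_path or os.path.isabs(user_path):
        raise UnsafePathError(f"absolute or empty path not allowed: {user_path!r}")
    real_base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(real_base, user_path))
    # commonpath (not startswith) also rejects sibling dirs such as /opt/work_x
    if candidate == real_base or os.path.commonpath([real_base, candidate]) != real_base:
        raise UnsafePathError(f"path escapes {real_base}: {user_path!r}")
    return candidate


def is_confined(base_dir: str, user_path: str) -> bool:
    """Convenience predicate: True if user_path stays inside base_dir."""
    try:
        confine_path(base_dir, user_path)
        return True
    except UnsafePathError:
        return False


def write_plugin_output(base_dir: str, user_path: str, data: str) -> str:
    """Hypothetical hardened write: only ever touches files under base_dir."""
    target = confine_path(base_dir, user_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "w", encoding="utf-8") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    """Run the check against constructed inputs; returns path -> accepted?"""
    with tempfile.TemporaryDirectory() as base:
        probes = ["output/result.txt", "../outside.txt", "/etc/hostname", "a/../../x"]
        results = {p: is_confined(base, p) for p in probes}
        # constructed symlink escape: a link inside base pointing at its parent
        os.symlink(os.path.dirname(base), os.path.join(base, "link"))
        results["link/escape.txt"] = is_confined(base, "link/escape.txt")
        return results
```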
Affected Systems
The issue affects Rapid7 InsightConnect Sed Plugin deployed on Linux environments. No specific plugin or InsightConnect version ranges are listed in the advisory, so any installation of the Sed Plugin that has not been updated after the vulnerability was disclosed is potentially vulnerable.
Risk and Exploitability
With a CVSS score of 7.1, the flaw is considered Medium-high severity. The EPSS score is not available, and the vulnerability is not yet cataloged in CISA KEV, indicating no known widespread exploitation. The attack requires the attacker to be authenticated against the InsightConnect platform and to have access to the Sed Plugin interface; the exposed population is therefore bounded to users with legitimate credentials or compromised accounts. Until a vendor patch is released, mitigation hinges on restricting plugin access and tightening file system permissions for the plugin process.
OpenCVE Enrichment