CVE-2024-10835
Published: 20 March 2025
Summary
CVE-2024-10835 is a critical-severity SQL Injection (CWE-89) vulnerability in Dbgpt Db-Gpt. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces access control policies on the web API endpoint to block unauthenticated arbitrary SQL query execution.
Validates all SQL query inputs to the API to prevent SQL injection attacks enabling arbitrary file writes.
Limits privileges of the application and DuckDB processes to minimize impact of arbitrary SQL leading to file writes and RCE.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability in the public-facing web API allows unauthenticated arbitrary SQL query execution via POST /api/v1/editor/sql/run, enabling arbitrary file writes with DuckDB and potential RCE, directly mapping to exploitation of a public-facing application.
NVD Description
In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/sql/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files…
more
to the victim's file system. This can potentially lead to Remote Code Execution (RCE).
Deeper analysisAI
CVE-2024-10835 is a critical vulnerability in eosphoros-ai/db-gpt version v0.6.0, where the web API endpoint POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This flaw, classified under CWE-89 (SQL Injection), enables attackers to exploit DuckDB SQL functionality for arbitrary file writes to the victim's file system, potentially escalating to remote code execution (RCE). The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting its severe impact.
Unauthenticated remote attackers can exploit this vulnerability by sending crafted requests to the affected API endpoint, requiring no privileges, low attack complexity, or user interaction. Successful exploitation grants the ability to write arbitrary files anywhere on the file system via DuckDB's SQL capabilities, which can overwrite critical files or configurations, leading to full system compromise through RCE.
Mitigation details and additional technical information are available in the advisory published on Huntr at https://huntr.com/bounties/e32fda74-ca83-431c-8de8-08274ba686c9. The vulnerability was publicly disclosed on 2025-03-20.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- DB-GPT (eosphoros-ai/db-gpt) is an open-source AI-native data app builder integrating LLMs with databases for natural language interactions, fitting Enterprise AI Assistants category. Vulnerability in web API for SQL execution aligns with AI platform deployment.