Cyber Resilience

CVE-2024-10901

CriticalPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
17 July 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0154 81.8th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-10901 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Dbgpt Db-Gpt. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-10901 is a critical vulnerability in eosphoros-ai/db-gpt version v0.6.0, where the web API endpoint `POST /api/v1/editor/chart/run` permits execution of arbitrary SQL queries without any access control. This flaw enables attackers to perform arbitrary file writes on the victim's file system. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).

Unauthenticated attackers with network access can exploit this vulnerability by sending crafted requests to the affected API endpoint, leading to arbitrary SQL execution. This allows them to write malicious files anywhere on the file system, potentially achieving remote code execution (RCE). For instance, attackers could write a malicious `__init__.py` file into Python's `/site-packages/` directory to execute arbitrary code.

The primary advisory is available at https://huntr.com/bounties/db2c1d59-6e3a-4553-a1f6-94c8df162a18, which details the vulnerability discovered through a bug bounty program. Security practitioners should consult this reference for specific mitigation guidance, such as upgrading to a patched version of db-gpt or implementing access controls on the API endpoint.

EU & UK References

Vulnerability details

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/chart/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's…

more

file system. This can potentially lead to Remote Code Execution (RCE) by writing malicious files such as `__init__.py` in the Python's `/site-packages/` directory.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai, gpt

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

Unauthenticated web API allows arbitrary SQL execution (T1190: Exploit Public-Facing Application), enabling database data collection (T1213.006: Databases) and arbitrary file writes to site-packages for Python RCE (T1059.006: Python).

CVEs Like This One

CVE-2024-10835Same product: Dbgpt Db-Gpt
CVE-2024-10902Same product: Dbgpt Db-Gpt
CVE-2024-10906Same product: Dbgpt Db-Gpt
CVE-2025-7847Shared CWE-434
CVE-2024-13882Shared CWE-434
CVE-2025-26319Shared CWE-434
CVE-2024-9920Shared CWE-434
CVE-2025-26411Shared CWE-434
CVE-2024-56975Shared CWE-434
CVE-2019-25580Shared CWE-434

Affected Assets

dbgpt
db-gpt
0.6.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations on the web API endpoint to prevent unauthenticated execution of arbitrary SQL queries.

prevent

Validates and sanitizes inputs to the API to block arbitrary SQL queries that enable file writes and RCE.

prevent

Restricts database privileges to minimal necessary access, mitigating file write capabilities from executed SQL.

References