Cyber Resilience

CVE-2024-5334

Severity: High · Public PoC

Published: 27 June 2024
Modified: 15 July 2025

CVSS v3 score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS score: 0.6275 (98.4th percentile)
Risk priority: 53 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-5334 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in Stitionai Devika. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE is ranked in the top 1.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised as Enterprise AI Assistants, in the Privacy and Disclosure risk domain.

Deeper analysis

CVE-2024-5334 is a local file read vulnerability in the stitionai/devika repository affecting its latest version. The flaw stems from improper handling of the snapshot_path parameter in the /api/get-browser-snapshot endpoint, which permits an attacker to supply an arbitrary path and retrieve file contents from the underlying system. The issue is tracked under CWE-73 and carries a CVSS 3.0 score of 7.5.

An unauthenticated remote attacker can exploit the vulnerability by sending a crafted HTTP request containing a malicious snapshot_path value. Successful exploitation grants read access to any file on the server filesystem, exposing sensitive configuration data, source code, or credentials without requiring user interaction or elevated privileges.

Public references point to a fix merged in commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 of the devika repository, which addresses the path-handling logic in the affected endpoint. The same change is referenced in the associated huntr.dev bounty report.

The EPSS score for this CVE currently stands at 0.6275, matching its observed peak.

Vulnerability details

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious 'snapshot_path' parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server.

CWE(s)

CWE-73: External Control of File Name or Path

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: stitionai/devika is an open-source AI agentic software engineer (AI coding assistant), fitting Enterprise AI Assistants; the vulnerability was reported on the AI/ML bug bounty platform huntr.com.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
T1083 File and Directory Discovery (Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

An LFI vulnerability via a public-facing API endpoint (T1190) enables arbitrary local file reads for data collection (T1005), file and directory discovery (T1083), and credential access from files (T1552.001, formerly tracked as T1081).

Affected Assets

Vendor: stitionai
Product: devika
Version: 1.0

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Control (addresses CWE-73): Rejects externally supplied file or resource identifiers that fail validity checks.
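The control just described, applied to the snapshot_path handling covered in the Deeper analysis section: a containment check that maps a client-supplied value onto a file strictly inside a fixed snapshot directory and rejects everything else. This is an added illustration, not code from the devika repository or from its fix commit; SNAPSHOT_DIR, the function names, the response shape and the sample inputs are assumptions.

```python
from pathlib import Path
from typing import Tuple

# Assumed storage location for browser snapshots (not taken from the devika code).
SNAPSHOT_DIR = Path("/var/lib/devika/snapshots")

class InvalidSnapshotPath(ValueError):
    """The client-supplied value would name a file outside SNAPSHOT_DIR."""

def resolve_snapshot_path(snapshot_path: str, base_dir: Path = SNAPSHOT_DIR) -> Path:
    """Map a client-supplied snapshot_path onto a file strictly inside base_dir.

    The CWE-73 weakness behind CVE-2024-5334 is handing the request value to the
    filesystem unchecked. Here the value must be relative, and the fully resolved
    target ('..' segments and symlinks included) must sit under base_dir.
    """
    if not snapshot_path or "\x00" in snapshot_path:
        raise InvalidSnapshotPath("empty or NUL-containing snapshot_path")
    candidate = Path(snapshot_path)
    if candidate.is_absolute():
        raise InvalidSnapshotPath("absolute snapshot_path rejected")
    base = base_dir.resolve()
    # resolve() normalises '..' and follows symlinks, so the containment test
    # is made on the real target rather than on the raw request string.
    target = (base / candidate).resolve()
    if base not in target.parents:
        raise InvalidSnapshotPath("snapshot_path escapes the snapshot directory")
    return target

def is_safe_snapshot_path(snapshot_path: str, base_dir: Path = SNAPSHOT_DIR) -> bool:
    """Boolean form of the check, convenient for request validation."""
    try:
        resolve_snapshot_path(snapshot_path, base_dir)
        return True
    except InvalidSnapshotPath:
        return False

def serve_snapshot(snapshot_path: str, base_dir: Path = SNAPSHOT_DIR) -> Tuple[int, bytes]:
    """Hypothetical handler shape: 200 with the file bytes, 400 for a rejected
    value, 404 for a validated name that does not exist. The raw path is never
    echoed back, so error responses leak nothing about the filesystem layout."""
    try:
        target = resolve_snapshot_path(snapshot_path, base_dir)
    except InvalidSnapshotPath:
        return 400, b"invalid snapshot_path"
    if not target.is_file():
        return 404, b"snapshot not found"
    return 200, target.read_bytes()
```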
