Cyber Resilience

CVE-2024-6394

HighPublic PoC

Published: 30 September 2024

Published
30 September 2024
Modified
09 July 2025
KEV Added
Patch
CVSS Score v3 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0051 67.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-6394 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Lollms Lollms Web Ui. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 33.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other Platforms; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: Obtain Capabilities (AML.T0016), Exfiltration via AI Inference API (AML.T0024).

EU & UK References

Vulnerability details

A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to…

more

arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
parisneo/lollms-webui is a web user interface platform for running and managing Large Language Models (LLMs) locally, qualifying as an AI-related platform for model interaction and deployment.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552.004 Private Keys Credential Access
Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials.
Why these techniques?

LFI via path traversal in web app enables exploitation of public-facing application (T1190) to read arbitrary local files, facilitating data collection (T1005), credentials in files (T1081, T1552.001), and private keys like SSH keys (T1552.004).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0016: Obtain CapabilitiesAML.T0024: Exfiltration via AI Inference API

Affected Assets

lollms
lollms web ui
9.8

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References