Cyber Resilience

CVE-2024-6396

CriticalPublic PoC

Published: 12 July 2024

Published
12 July 2024
Modified
23 July 2025
KEV Added
Patch
CVSS Score v3 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.8870 99.5th percentile
Risk Priority 73 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-6396 is a critical-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Aimstack Aim. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 0.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other Platforms; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: AI Supply Chain Compromise (AML.T0010), Obtain Capabilities (AML.T0016), Exfiltration via AI Inference API (AML.T0024).

Deeper analysis

A vulnerability exists in the `_backup_run` function of aimhubio/aim version 3.19.3. It stems from improper handling of the `run_hash` and `repo.path` parameters, enabling path traversal that permits writing to arbitrary file locations on the server. The issue is tracked as CWE-29 and carries a CVSS 3.0 score of 9.8.

Unauthenticated remote attackers can supply crafted values to these parameters, allowing them to overwrite any file on the host, exfiltrate arbitrary data, cause denial of service through critical file replacement, and potentially achieve remote code execution.

The referenced Huntr bounty report details the flaw but does not describe available patches or specific mitigation steps in the supplied information. The associated EPSS score stands at 0.8870 with a recorded peak of 0.9099, indicating sustained exploitation interest since disclosure.

EU & UK References

Vulnerability details

A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can…

more

be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Aim (aimhubio/aim) is an open-source platform for tracking, visualizing, and managing machine learning experiments, fitting under 'Other Platforms' as an ML experiment tracking tool.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1485 Data Destruction Impact
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
T1565.001 Stored Data Manipulation Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

Vulnerability enables public-facing app exploitation (T1190), local data collection/exfiltration (T1005), file deletion via overwrite (T1070.004), data destruction by overwriting critical files (T1485), and stored data manipulation (T1565.001).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0010: AI Supply Chain CompromiseAML.T0016: Obtain CapabilitiesAML.T0024: Exfiltration via AI Inference APIAML.T0048: External Harms

Affected Assets

aimstack
aim
3.19.3

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References