CVE-2024-6483
Published: 20 March 2025
Summary
CVE-2024-6483 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in Aimstack Aim. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 28.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6986
Vulnerability details
A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run names, which are used to specify log/metadata files for deletion. This can be exploited to delete arbitrary files or directories, potentially causing denial of service or data loss.
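As an added defensive illustration (this is not Aim's code and does not describe its actual implementation; function, directory and run names are hypothetical), the following Python sketch contrasts the unchecked join-and-delete pattern the advisory describes with a hardened batch delete that confines every client-supplied run name to the runs directory, rejects separators and `..` components, and follows symlinks before testing containment. The demo builds a throwaway directory layout with `tempfile` so it runs offline.

```python
import os
import shutil
import tempfile


class InvalidRunName(ValueError):
    """Raised when a run name would resolve outside the runs directory."""


def delete_batch_unchecked(runs_dir, run_names):
    """Hypothetical vulnerable pattern: the name is joined onto the base
    directory and deleted with no containment check, so a name containing
    traversal components can address paths outside runs_dir."""
    for name in run_names:
        target = os.path.join(runs_dir, name)
        if os.path.isdir(target):
            shutil.rmtree(target)


def safe_run_path(runs_dir: str, run_name: str) -> str:
    """Map a client-supplied run name to a path strictly inside runs_dir.

    Two independent checks: the name must be a single path component
    (no separators, not '.' or '..'), and the resolved path (symlinks
    followed) must still sit under the resolved runs_dir.
    """
    if (not run_name or run_name in (".", "..")
            or os.sep in run_name
            or (os.altsep is not None and os.altsep in run_name)):
        raise InvalidRunName(run_name)
    base = os.path.realpath(runs_dir)
    candidate = os.path.realpath(os.path.join(base, run_name))
    # commonpath is the containment test; a plain startswith() would also
    # accept a sibling directory such as runs_dir + "2".
    if os.path.commonpath([base, candidate]) != base:
        raise InvalidRunName(run_name)
    return candidate


def delete_batch(runs_dir, run_names):
    """Hardened batch delete: validate every name first, then delete.

    Returns (deleted, rejected) so the caller can log rejections as a
    detection signal instead of silently dropping them.
    """
    deleted, rejected, targets = [], [], []
    for name in run_names:
        try:
            targets.append((name, safe_run_path(runs_dir, name)))
        except InvalidRunName:
            rejected.append(name)
    for name, path in targets:
        if os.path.isdir(path):
            shutil.rmtree(path)
            deleted.append(name)
        elif os.path.isfile(path):
            os.remove(path)
            deleted.append(name)
    return deleted, rejected


def demo():
    """Constructed layout: a runs dir holding two runs, a sibling 'config'
    dir that must survive, and a symlink inside runs_dir pointing at it."""
    root = tempfile.mkdtemp()
    runs_dir = os.path.join(root, "runs")
    for d in ("runs/run-a", "runs/run-b", "config"):
        os.makedirs(os.path.join(root, d))
    os.symlink(os.path.join(root, "config"), os.path.join(runs_dir, "link"))
    # constructed request mixing legitimate names with traversal attempts
    request = ["run-a", "../config", "run-a/../../config", "link", "run-b"]
    deleted, rejected = delete_batch(runs_dir, request)
    config_survived = os.path.isdir(os.path.join(root, "config"))
    shutil.rmtree(root)
    return deleted, rejected, config_survived


if __name__ == "__main__":
    print(demo())
```

The symlink case is why the check resolves with `realpath` rather than inspecting the string alone: a name that passes the component check can still point outside the base directory once links are followed. Rejections returned by `delete_batch` are worth logging with the source address, since a traversal string in a run name is a clear detection signal for this class of request.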
- CWE(s): CWE-23 (Relative Path Traversal)
Related Threats
MITRE ATT&CK Enterprise Techniques (AI-generated mapping)
Why these techniques?
Path traversal in a public-facing web endpoint maps to T1190 (Exploit Public-Facing Application); the resulting arbitrary file/directory deletion maps to T1070.004 (Indicator Removal: File Deletion) and T1485 (Data Destruction, covering the denial-of-service and data-loss impact).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.