CVE-2024-6583
Published: 20 March 2025
Summary
CVE-2024-6583 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in Quivr Quivr. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 49.2nd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6981
Vulnerability details
A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request.
- CWE(s): CWE-23 (Relative Path Traversal)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in the upload functionality enables exploitation of a public-facing application (T1190) to achieve arbitrary file writes to S3 bucket paths, which in turn facilitates Ingress Tool Transfer (T1105), Remote Data Staging (T1074.002), and Stored Data Manipulation (T1565.001).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.