CVE-2024-7033
Published: 20 March 2025
Summary
CVE-2024-7033 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Openwebui Open Webui. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105); ranked in the top 19.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other Platforms; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Validates and sanitizes file path inputs to the download_model endpoint, directly preventing path traversal and arbitrary file writes.
Identifies and remediates the specific flaw in version 0.3.8 through timely patching, eliminating the improper path handling vulnerability.
Enforces least privilege on the application process, limiting the impact of arbitrary file writes or RCE to the application's restricted privileges.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary file write via path manipulation in the download_model endpoint of the web application enables ingress tool transfer (downloading attacker-controlled content to arbitrary paths) and exploitation of a public-facing application for RCE or DoS.
NVD Description
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on…
more
the server's filesystem. This can result in overwriting critical system or application files, causing denial of service, or potentially achieving remote code execution (RCE). RCE can allow an attacker to execute malicious code with the privileges of the user running the application, leading to a full system compromise.
Deeper analysisAI
CVE-2024-7033 is an arbitrary file write vulnerability in version 0.3.8 of open-webui/open-webui, specifically affecting deployments on Windows. The issue resides in the download_model endpoint, where the application fails to properly handle file paths. This allows attackers to manipulate paths and write files to arbitrary locations on the server's filesystem, potentially overwriting critical system or application files.
Exploitation requires high privileges (PR:H) but can be performed over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). A privileged attacker could achieve denial of service by overwriting key files or escalate to remote code execution (RCE) by targeting executable locations. Successful RCE would run malicious code under the privileges of the user running the application, potentially leading to full system compromise. The vulnerability has a CVSS v3.1 base score of 7.2 (C:H/I:H/A:H/S:U) and is associated with CWE-29 (Path Traversal: '.../').
For mitigation details, refer to the advisory at https://huntr.com/bounties/7078261f-8414-4bb7-9d72-a2a4d8bfd5d1.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Open-WebUI is a web-based platform/UI for interacting with LLMs (e.g., via Ollama), with the vulnerability in the 'download_model' endpoint confirming its role in AI model handling and deployment.