Cyber Resilience

CVE-2024-7033

HighPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
29 July 2025
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0134 80.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-7033 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Openwebui Open Webui. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105); ranked in the top 19.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-7033 is an arbitrary file write vulnerability in version 0.3.8 of open-webui/open-webui, specifically affecting deployments on Windows. The issue resides in the download_model endpoint, where the application fails to properly handle file paths. This allows attackers to manipulate paths and write files to arbitrary locations on the server's filesystem, potentially overwriting critical system or application files.

Exploitation requires high privileges (PR:H) but can be performed over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). A privileged attacker could achieve denial of service by overwriting key files or escalate to remote code execution (RCE) by targeting executable locations. Successful RCE would run malicious code under the privileges of the user running the application, potentially leading to full system compromise. The vulnerability has a CVSS v3.1 base score of 7.2 (C:H/I:H/A:H/S:U) and is associated with CWE-29 (Path Traversal: '.../').

For mitigation details, refer to the advisory at https://huntr.com/bounties/7078261f-8414-4bb7-9d72-a2a4d8bfd5d1.

EU & UK References

Vulnerability details

In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on…

more

the server's filesystem. This can result in overwriting critical system or application files, causing denial of service, or potentially achieving remote code execution (RCE). RCE can allow an attacker to execute malicious code with the privileges of the user running the application, leading to a full system compromise.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Arbitrary file write via path manipulation in the download_model endpoint of the web application enables ingress tool transfer (downloading attacker-controlled content to arbitrary paths) and exploitation of a public-facing application for RCE or DoS.

CVEs Like This One

CVE-2026-45398Same product: Openwebui Open Webui
CVE-2026-44567Same product: Openwebui Open Webui
CVE-2026-45400Same product: Openwebui Open Webui
CVE-2026-44556Same product: Openwebui Open Webui
CVE-2026-45331Same product: Openwebui Open Webui
CVE-2026-44551Same product: Openwebui Open Webui
CVE-2026-45315Same product: Openwebui Open Webui
CVE-2026-45338Same product: Openwebui Open Webui
CVE-2026-45401Same product: Openwebui Open Webui
CVE-2026-45350Same product: Openwebui Open Webui

Affected Assets

openwebui
open webui
0.3.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates and sanitizes file path inputs to the download_model endpoint, directly preventing path traversal and arbitrary file writes.

prevent

Identifies and remediates the specific flaw in version 0.3.8 through timely patching, eliminating the improper path handling vulnerability.

prevent

Enforces least privilege on the application process, limiting the impact of arbitrary file writes or RCE to the application's restricted privileges.

References