CVE-2024-7034
Published: 20 March 2025
Summary
CVE-2024-7034 is a high-severity Path Traversal (CWE-22) vulnerability in Openwebui Open Webui. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 8.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation of user-supplied filenames at the /models/upload endpoint to block directory traversal sequences like ../ and prevent arbitrary file writes.
Enforces logical access controls limiting high-privilege users' write permissions to the intended UPLOAD_DIR, reducing impact of path traversal overwrites.
Monitors and verifies integrity of critical files and binaries to detect unauthorized modifications from exploited directory traversal.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Directory traversal in /models/upload enables exploitation of public-facing web application (T1190) for arbitrary file writes, allowing overwrite of system binaries and configs to compromise host software (T1554), potentially leading to RCE.
NVD Description
In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of `file_path = f"{UPLOAD_DIR}/{file.filename}"` without proper input validation or sanitization. An attacker can exploit…
more
this by manipulating the `file.filename` parameter to include directory traversal sequences, causing the resulting `file_path` to escape the intended `UPLOAD_DIR` and potentially overwrite arbitrary files on the system. This can lead to unauthorized modifications of system binaries, configuration files, or sensitive data, potentially enabling remote command execution.
Deeper analysisAI
CVE-2024-7034 is a directory traversal vulnerability (CWE-22) in open-webui version 0.3.8 that enables arbitrary file writes. The issue affects the `/models/upload` endpoint, where user-supplied filenames are not validated or sanitized before use in path construction. Specifically, the code sets `file_path = f"{UPLOAD_DIR}/{file.filename}"`, allowing attackers to manipulate the `file.filename` parameter with traversal sequences to escape the intended upload directory.
Attackers require network access and high privileges (PR:H per CVSS v3.1 score of 7.2: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) to exploit this unauthenticated endpoint. By crafting a malicious filename, such as one containing `../` sequences, they can overwrite arbitrary files outside `UPLOAD_DIR`, including system binaries, configuration files, or sensitive data. This could enable unauthorized modifications and potentially lead to remote command execution.
Mitigation details are available in the Huntr advisory at https://huntr.com/bounties/711beada-10fe-4567-9278-80a689da8613, published on 2025-03-20.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Open WebUI is a self-hosted web interface for managing and interacting with large language models (LLMs), functioning as an AI assistant platform. The vulnerability is in the `/models/upload` endpoint, directly related to AI model handling.