CVE-2024-7043
Published: 20 March 2025
Summary
CVE-2024-7043 is a high-severity Missing Authorization (CWE-862) vulnerability in Open WebUI (vendor: Openwebui). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). It is ranked at the 40.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related: it is categorised as Enterprise AI Assistants, in the Data-Related Vulnerabilities risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-3 mandates enforcement of approved authorizations for access to system resources, directly addressing the lack of admin verification on file listing, viewing, and deletion APIs.
AC-6 enforces least privilege, preventing low-privileged attackers from accessing or deleting files reserved for administrators.
AC-24 requires access control decisions based on policy, mitigating unauthorized file operations by ensuring proper authorization checks before granting access.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The improper access control vulnerability allows unauthorized attackers to list all files (T1083), retrieve file contents (T1005), and delete any files (T1070.004).
NVD Description
An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve information on all files uploaded by users, which includes the ID values. The attacker can then use the GET /api/v1/files/{file_id} interface to obtain information on any file and the DELETE /api/v1/files/{file_id} interface to delete any file.
Deeper analysis
CVE-2024-7043 is an improper access control vulnerability (CWE-862) in open-webui/open-webui version 0.3.8. The issue stems from the application failing to verify whether a user is an administrator before allowing access to file management functions. Attackers can directly invoke the GET /api/v1/files/ endpoint to retrieve information on all files uploaded by users, including their ID values.
A low-privileged remote attacker (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). By first listing all files via GET /api/v1/files/, the attacker obtains file IDs, then uses GET /api/v1/files/{file_id} to view any file's contents and DELETE /api/v1/files/{file_id} to delete it. This results in high impacts across confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in the CVSS v3.1 base score of 8.8.
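The missing check described above, modelled as an added example that is not Open WebUI's code: a small in-memory stand-in for the three file handlers in which every list, read and delete decision is made against the caller's role or ownership before anything is returned or removed. The users, file IDs and contents are constructed for the example.

```python
# Constructed model of the CWE-862 pattern behind CVE-2024-7043, not Open WebUI's
# code: an in-memory stand-in for the /api/v1/files/ handlers that enforces role
# or ownership (NIST AC-3 / AC-6). Users, file IDs and contents are hypothetical.
from typing import NamedTuple

class Forbidden(Exception):
    """Raised when the caller may not act on the requested file."""

class User(NamedTuple):
    id: str
    role: str  # "admin" or "user"

class StoredFile(NamedTuple):
    id: str
    owner_id: str
    content: str

ALICE, BOB, ADMIN = User("alice", "user"), User("bob", "user"), User("root", "admin")

def new_store() -> dict[str, StoredFile]:
    return {"f-1": StoredFile("f-1", "alice", "alice's RAG notes"),
            "f-2": StoredFile("f-2", "bob", "bob's contract draft")}

def enforce_access(caller: User, f: StoredFile) -> None:
    """AC-3: only an admin or the file's owner may read or delete it."""
    if caller.role != "admin" and caller.id != f.owner_id:
        raise Forbidden(f"{caller.id} may not access {f.id}")

def list_files(caller: User, store: dict[str, StoredFile]) -> list[str]:
    """AC-6: a non-admin only learns the IDs of their own uploads."""
    # The vulnerable shape returned sorted(store) to every authenticated caller.
    return sorted(fid for fid, f in store.items()
                  if caller.role == "admin" or f.owner_id == caller.id)

def get_file(caller: User, file_id: str, store: dict[str, StoredFile]) -> str:
    enforce_access(caller, store[file_id])
    return store[file_id].content

def delete_file(caller: User, file_id: str, store: dict[str, StoredFile]) -> None:
    enforce_access(caller, store[file_id])  # decide before the destructive step
    del store[file_id]

def attempt(action, caller: User, file_id: str) -> tuple[bool, bool]:
    """Run an action on a fresh store; return (allowed, file still present)."""
    store = new_store()
    try:
        action(caller, file_id, store)
    except Forbidden:
        return False, file_id in store
    return True, file_id in store
```

The point to test in a real deployment is the same as in `attempt`: a non-admin's read or delete of another user's file ID must be refused and leave the file in place, and a listing by a non-admin must not reveal other users' IDs at all.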
Mitigation details and additional information are available in the advisory published on Huntr at https://huntr.com/bounties/c01e0c7f-68d8-45cf-91d2-521c97f33b00. The vulnerability was published on 2025-03-20.
AI Security Analysis
- AI Category: Enterprise AI Assistants
- Risk Domain: Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Open WebUI is a self-hosted web interface for LLMs (e.g., Ollama, OpenAI-compatible APIs), functioning as an enterprise-grade AI assistant platform. The vulnerability affects its file management APIs, which handle user-uploaded files for AI interactions like RAG.