Cyber Resilience

CVE-2024-7760

CriticalPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
21 July 2025
KEV Added
Patch
CVSS Score v3.1 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0023 45.8th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-7760 is a critical-severity CSRF (CWE-352) vulnerability in Aimstack Aim. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2024-7760 is a Cross-Site Request Forgery (CSRF) vulnerability in aimhubio/aim version 3.22.0, affecting the tracking server component. The flaw arises from overly permissive CORS settings that allow cross-origin requests from all origins, enabling CSRF attacks on all endpoints of the tracking server. Published on 2025-03-20, it carries a CVSS score of 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) and maps to CWE-352.

The vulnerability can be exploited by remote attackers with network access and no privileges required, though it relies on user interaction such as visiting a malicious webpage. This setup allows attackers to forge requests from a victim's browser to the tracking server, performing unauthorized actions on the user's behalf across all endpoints. Exploitation can be chained with other existing vulnerabilities in the software to achieve remote code execution, denial of service, or arbitrary file read/write capabilities.

Mitigation details and additional advisory information are available in the Huntr bounty report at https://huntr.com/bounties/2038df5f-4829-4040-8573-67bf9bb89229.

EU & UK References

Vulnerability details

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server,…

more

which can be chained with other existing vulnerabilities such as remote code execution, denial of service, and arbitrary file read/write.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CSRF vulnerability due to overly permissive CORS in the tracking server enables exploitation of a public-facing web application, facilitating unauthorized cross-origin requests to all endpoints that can chain to RCE, DoS, and arbitrary file read/write.

CVEs Like This One

CVE-2024-8238Same product: Aimstack Aim
CVE-2025-0189Same product: Aimstack Aim
CVE-2025-0190Same product: Aimstack Aim
CVE-2024-8769Same product: Aimstack Aim
CVE-2025-51464Same product: Aimstack Aim
CVE-2025-31677Shared CWE-352
CVE-2024-37102Shared CWE-352
CVE-2024-37450Shared CWE-352
CVE-2025-23558Shared CWE-352
CVE-2025-68722Shared CWE-352

Affected Assets

aimstack
aim
3.22.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires establishment and enforcement of secure configuration settings for the tracking server to restrict CORS to trusted origins, directly addressing the overly permissive settings enabling CSRF.

prevent

Enforces approved information flow control policies that prohibit unauthorized cross-origin requests to all tracking server endpoints.

prevent

Validates information inputs such as origin headers or requires anti-CSRF tokens to block forged cross-site requests to the vulnerable endpoints.

References