CVE-2024-7760
Published: 20 March 2025
Summary
CVE-2024-7760 is a critical-severity CSRF (CWE-352) vulnerability in Aimstack Aim. Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and CM-6 (Configuration Settings).
Deeper analysis
CVE-2024-7760 is a Cross-Site Request Forgery (CSRF) vulnerability in aimhubio/aim version 3.22.0, affecting the tracking server component. The flaw arises from overly permissive CORS settings that allow cross-origin requests from all origins, enabling CSRF attacks on all endpoints of the tracking server. Published on 2025-03-20, it carries a CVSS score of 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) and maps to CWE-352.
The vulnerability can be exploited by remote attackers with network access and no privileges required, though it relies on user interaction such as visiting a malicious webpage. This setup allows attackers to forge requests from a victim's browser to the tracking server, performing unauthorized actions on the user's behalf across all endpoints. Exploitation can be chained with other existing vulnerabilities in the software to achieve remote code execution, denial of service, or arbitrary file read/write capabilities.
Mitigation details and additional advisory information are available in the Huntr bounty report at https://huntr.com/bounties/2038df5f-4829-4040-8573-67bf9bb89229.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6957
Vulnerability details
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server,…
more
which can be chained with other existing vulnerabilities such as remote code execution, denial of service, and arbitrary file read/write.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CSRF vulnerability due to overly permissive CORS in the tracking server enables exploitation of a public-facing web application, facilitating unauthorized cross-origin requests to all endpoints that can chain to RCE, DoS, and arbitrary file read/write.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires establishment and enforcement of secure configuration settings for the tracking server to restrict CORS to trusted origins, directly addressing the overly permissive settings enabling CSRF.
Enforces approved information flow control policies that prohibit unauthorized cross-origin requests to all tracking server endpoints.
Validates information inputs such as origin headers or requires anti-CSRF tokens to block forged cross-site requests to the vulnerable endpoints.