Cyber Resilience

CVE-2024-7776

CriticalPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
26 March 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.0526 90.2th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-7776 is a critical-severity Path Traversal (CWE-22) vulnerability in Onnx Onnx. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 9.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Deep Learning Frameworks; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A vulnerability exists in the download_model function of the onnx/onnx framework in versions up to and including 1.16.1. The issue stems from insufficient safeguards against path traversal in malicious tar files, enabling arbitrary file overwrites on the target system and carrying a CVSS score of 9.1 under CWE-22.

An unauthenticated remote attacker can supply a crafted tar archive to the affected function, overwriting arbitrary files in the user's directory and potentially achieving remote command execution without requiring user interaction.

The vulnerability affects the ONNX machine-learning model interchange format. Its EPSS score has remained flat at 0.0526 with no material increase since disclosure.

EU & UK References

Vulnerability details

A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker…

more

to overwrite files in the user's directory, potentially leading to remote command execution.

CWE(s)

AI Security AnalysisAI

AI Category
Deep Learning Frameworks
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: onnx

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1554 Compromise Host Software Binary Persistence
Adversaries may modify host software binaries to establish persistent access to systems.
Why these techniques?

Path traversal vulnerability in download_model allows arbitrary file overwrites from malicious tar files, enabling exploitation for client execution (T1203) and compromise of host software binaries via overwrite (T1554) for potential RCE.

CVEs Like This One

CVE-2026-30290Shared CWE-22
CVE-2026-22871Shared CWE-22
CVE-2026-4092Shared CWE-22
CVE-2025-67030Shared CWE-22
CVE-2026-30283Shared CWE-22
CVE-2016-20048Shared CWE-22
CVE-2026-40491Shared CWE-22
CVE-2026-30279Shared CWE-22
CVE-2026-28373Shared CWE-22
CVE-2026-20613Shared CWE-22

Affected Assets

onnx
onnx
≤ 1.16.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the path traversal vulnerability by requiring validation of tar file paths and contents in the download_model function to block malicious overwrites.

prevent

Mitigates the flaw by enforcing timely patching of vulnerable onnx/onnx versions up to 1.16.1.

detect

Detects unauthorized file overwrites in the user's directory caused by processing malicious tar files through integrity verification mechanisms.

References