CVE-2024-7776
Published: 20 March 2025
Summary
CVE-2024-7776 is a critical-severity Path Traversal (CWE-22) vulnerability in Onnx Onnx. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 9.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Deep Learning Frameworks; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability exists in the download_model function of the onnx/onnx framework in versions up to and including 1.16.1. The issue stems from insufficient safeguards against path traversal in malicious tar files, enabling arbitrary file overwrites on the target system and carrying a CVSS score of 9.1 under CWE-22.
An unauthenticated remote attacker can supply a crafted tar archive to the affected function, overwriting arbitrary files in the user's directory and potentially achieving remote command execution without requiring user interaction.
The vulnerability affects the ONNX machine-learning model interchange format. Its EPSS score has remained flat at 0.0526 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6946
Vulnerability details
A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker…
more
to overwrite files in the user's directory, potentially leading to remote command execution.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Deep Learning Frameworks
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: onnx
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal vulnerability in download_model allows arbitrary file overwrites from malicious tar files, enabling exploitation for client execution (T1203) and compromise of host software binaries via overwrite (T1554) for potential RCE.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the path traversal vulnerability by requiring validation of tar file paths and contents in the download_model function to block malicious overwrites.
Mitigates the flaw by enforcing timely patching of vulnerable onnx/onnx versions up to 1.16.1.
Detects unauthorized file overwrites in the user's directory caused by processing malicious tar files through integrity verification mechanisms.