CVE-2024-7776
Published: 20 March 2025
Summary
CVE-2024-7776 is a critical-severity Path Traversal (CWE-22) vulnerability in the onnx/onnx framework. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 10.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
This vulnerability is AI-related: it is categorised under Deep Learning Frameworks, in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly addresses the path traversal vulnerability by requiring validation of tar file paths and contents in the download_model function to block malicious overwrites.
Mitigates the flaw by enforcing timely patching of vulnerable onnx/onnx versions up to 1.16.1.
Detects unauthorized file overwrites in the user's directory caused by processing malicious tar files through integrity verification mechanisms.
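The path validation that the input-validation control above calls for can be sketched as follows. This is an added example, not onnx's code or its fix; `safe_extract`, `UnsafeTarMember` and `build_sample_tar` are hypothetical names, and the archives are constructed in memory.

```python
import io
import os
import tarfile
import tempfile

class UnsafeTarMember(Exception):
    """An archive member would be written outside the destination."""

def _inside(base: str, target: str) -> bool:
    # realpath collapses ".." and follows symlinks before the comparison.
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def safe_extract(tar: tarfile.TarFile, dest: str) -> list[str]:
    """Validate every member first; extract only if all of them pass."""
    members = tar.getmembers()
    for m in members:
        if not (m.isfile() or m.isdir()):
            # Links and device nodes are refused outright in this example.
            raise UnsafeTarMember(f"unsupported member type: {m.name!r}")
        if os.path.isabs(m.name) or not _inside(dest, os.path.join(dest, m.name)):
            raise UnsafeTarMember(f"path escapes destination: {m.name!r}")
    # Defence in depth: use the stdlib "data" filter where this Python has it.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    for m in members:
        tar.extract(m, dest, **extra)
    return [m.name for m in members]

def build_sample_tar(names: list[str]) -> tarfile.TarFile:
    """Constructed in-memory archive; every member is a 1-byte regular file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 1
            tf.addfile(info, io.BytesIO(b"x"))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")

if __name__ == "__main__":
    for names in (["model/model.onnx"], ["model/ok.onnx", "../escape.txt"]):
        with tempfile.TemporaryDirectory() as dest:
            try:
                print("extracted:", safe_extract(build_sample_tar(names), dest))
            except UnsafeTarMember as exc:
                print("rejected:", exc)
```

Because all members are checked before any is written, an archive containing one bad entry leaves the destination directory untouched.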
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The path traversal vulnerability in `download_model` allows arbitrary file overwrites from malicious tar files. This enables exploitation for client execution (T1203) and compromise of host software binaries via overwrite (T1554), with potential for RCE.
NVD Description
A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.
Deeper analysis
CVE-2024-7776 is a path traversal vulnerability (CWE-22) in the `download_model` function of the onnx/onnx framework, affecting versions before and including 1.16.1. It stems from inadequate validation of tar files, enabling arbitrary file overwrites in the user's directory when processing malicious inputs.
The vulnerability has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating high severity with network accessibility, low attack complexity, no privileges or user interaction required, and unchanged scope. A remote, unauthenticated attacker can exploit it by supplying a crafted tar file, achieving arbitrary file overwrites that may escalate to remote command execution depending on the target environment and overwritten files.
Advisories are available via the Huntr bounty report at https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63, which details the issue discovered in the onnx/onnx repository.
As ONNX is an open format for interoperable AI and machine learning models, this vulnerability is relevant to deployments involving model downloads in ML pipelines. No public information on real-world exploitation is available as of the CVE publication on 2025-03-20.
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category: Deep Learning Frameworks
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: ONNX (Open Neural Network Exchange) is a framework and runtime for machine learning model interchange and inference, primarily used in deep learning pipelines across frameworks like PyTorch and TensorFlow.