Cyber Resilience

CVE-2024-8238

Severity: High · Public PoC

Published: 20 March 2025

Modified: 15 October 2025
CVSS v3.1 score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0039 (60.5th percentile)
Risk priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-8238 is a high-severity Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in Aimstack Aim. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 39.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2024-8238 is a vulnerability in version 3.22.0 of aimhubio/aim, an open-source machine learning experiment tracker. The issue resides in the AimQL query language, which relies on an outdated version of the safer_getattr() function from RestrictedPython. That version does not block the str.format_map() method of str, so an attacker can read arbitrary attributes of Python objects, leak server-side secrets such as the contents of os.environ, or potentially achieve unrestricted code execution.

Remote, unauthenticated attackers can exploit this vulnerability over the network with no user interaction required, although the attack complexity is high. Initial exploitation allows extraction of sensitive environment variables and other secrets. If the attacker can also write files to a known location on the Aim server, str.format_map() can be used to load a malicious .dll or .so file into the Python interpreter, resulting in full code execution. The CVSS v3.1 base score is 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), and the weakness is mapped to CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine).

Details on advisories, patches, or mitigations are available in the Huntr bounty report at https://huntr.com/bounties/4e140ef9-f6d1-4e68-a44c-3b9e856924d3, published on 2025-03-20.


Vulnerability details

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. This version does not protect against the str.format_map() method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution. The vulnerability arises because str.format_map() can read arbitrary attributes of Python objects, enabling attackers to access sensitive variables such as os.environ. If an attacker can write files to a known location on the Aim server, they can use str.format_map() to load a malicious .dll/.so file into the Python interpreter, leading to unrestricted code execution.
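Both passages above come down to the same fix: the attribute guard a restricted query evaluator calls in place of getattr() must refuse str.format() and str.format_map(), not only private names. The block below is an added example of that deny policy (it is not Aim's or RestrictedPython's own code); guarded_getattr, audit_access and Run are hypothetical names, and the Run data is constructed.

```python
# Example code added for this page; not Aim's or RestrictedPython's own source.
# `guarded_getattr` is a hypothetical name for the attribute policy that a
# restricted query evaluator would use in place of the builtin getattr().
STR_FORMAT_METHODS = frozenset({"format", "format_map"})


def guarded_getattr(obj, name, default=None):
    """Resolve obj.<name> under a deny policy.

    Denied: names starting with "_" (e.g. __class__, __dict__) and the
    str.format() / str.format_map() methods, whose replacement fields can
    read attributes of the objects passed to them and so bypass this guard.
    """
    if not isinstance(name, str):
        raise TypeError("attribute name must be a str")
    if name.startswith("_"):
        raise AttributeError(f"access to {name!r} is not permitted")
    # Guard both str instances and the str type itself (str.format_map).
    is_str = isinstance(obj, str) or (isinstance(obj, type) and issubclass(obj, str))
    if is_str and name in STR_FORMAT_METHODS:
        raise AttributeError(f"str.{name}() is not permitted in queries")
    return getattr(obj, name, default)


def audit_access(obj, name):
    """Report whether a proposed attribute lookup is 'allowed' or 'denied'."""
    try:
        guarded_getattr(obj, name)
    except AttributeError:
        return "denied"
    return "allowed"


class Run:
    """Constructed stand-in for a tracked experiment run (sample data)."""

    def __init__(self, name, lr):
        self.name = name
        self.hparams = {"lr": lr}


if __name__ == "__main__":
    run = Run("exp-1", 0.01)
    checks = [(run, "name"), (run, "hparams"), (run, "__class__"),
              ("aim", "upper"), ("{x}", "format"), ("{x}", "format_map"),
              (str, "format_map")]
    for obj, attr in checks:
        label = obj if isinstance(obj, str) else type(obj).__name__
        print(f"{label!r}.{attr}: {audit_access(obj, attr)}")
```

Ordinary query attributes (run.name, "aim".upper) still resolve, while the two str formatting methods and any underscore-prefixed name are refused before the lookup happens.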

CWE(s)

CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1212 Exploitation for Credential Access (Credential Access): Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
T1059.006 Python (Execution): Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

The vulnerability in AimQL enables exploitation of a public-facing Aim server (T1190), leakage of server-side secrets such as os.environ (T1212), and unrestricted Python code execution (T1059.006), potentially via malicious DLL/SO loading.

CVEs Like This One

CVE-2024-7760 (same product: Aimstack Aim)
CVE-2025-0189 (same product: Aimstack Aim)
CVE-2025-0190 (same product: Aimstack Aim)
CVE-2025-51464 (same product: Aimstack Aim)
CVE-2024-8769 (same product: Aimstack Aim)
CVE-2026-35477 (shared CWE-1336)
CVE-2026-27961 (shared CWE-1336)
CVE-2026-21448 (shared CWE-1336)
CVE-2025-53909 (shared CWE-1336)
CVE-2026-34587 (shared CWE-1336)

Affected Assets

aimstack aim 3.22.0

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent (SI-2 Flaw Remediation): Flaw remediation directly addresses CVE-2024-8238 by updating the outdated safer_getattr() function used by AimQL so that str.format_map() access is blocked.

Prevent (SI-10 Information Input Validation): Input validation on AimQL queries prevents attackers from injecting str.format_map() payloads that access arbitrary attributes such as os.environ.

Prevent (SI-15 Information Output Filtering): Output filtering blocks the disclosure of server-side secrets leaked through exploited AimQL query responses.
