CVE-2024-8537
Published: 20 March 2025
Summary
CVE-2024-8537 is a critical-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Modelscope Agentscope. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 33.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6905
Vulnerability details
A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling the attacker to manipulate file paths and delete sensitive files outside of the intended directory.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Path traversal in the public-facing /delete-workflow endpoint enables exploitation of a public-facing application (T1190) and arbitrary file deletion outside the intended directory, which maps to indicator removal by file deletion (T1070.004).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.