Cyber Resilience

CVE-2024-8551

CriticalPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
01 August 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0030 53.5th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-8551 is a critical-severity Relative Path Traversal (CWE-23) vulnerability in Modelscope Agentscope. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-8551 is a path traversal vulnerability (CWE-23) affecting the save-workflow and load-workflow functionality in modelscope/agentscope versions prior to the fixed release. Published on 2025-03-20, it allows attackers to read and write arbitrary JSON files on the filesystem, potentially exposing or modifying sensitive information such as configuration files, API keys, and hardcoded passwords. The issue carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high confidentiality and integrity impacts.

An unauthenticated remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction. By leveraging the flawed workflow save and load features, the attacker can traverse directories to access or alter any JSON file, enabling data exfiltration of secrets or injection of malicious configurations that could facilitate further compromise.

The Huntr advisory at https://huntr.com/bounties/e0c0c294-f1e2-4f2c-a632-a9be9fd06989 details the vulnerability and fix. Mitigation involves updating modelscope/agentscope to the patched version to address the path traversal flaw.

EU & UK References

Vulnerability details

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification…

more

of sensitive information such as configuration files, API keys, and hardcoded passwords.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Path traversal vulnerability enables exploitation of public-facing application (T1190) and reading arbitrary files to access unsecured credentials in configuration files, API keys, and hardcoded passwords (T1552.001).

CVEs Like This One

CVE-2024-8487Same product: Modelscope Agentscope
CVE-2024-8501Same product: Modelscope Agentscope
CVE-2024-8524Same product: Modelscope Agentscope
CVE-2025-67366Shared CWE-23
CVE-2025-58760Shared CWE-23
CVE-2026-33494Shared CWE-23
CVE-2026-8361Shared CWE-23
CVE-2026-41948Shared CWE-23
CVE-2026-25057Shared CWE-23
CVE-2025-25130Shared CWE-23

Affected Assets

modelscope
agentscope
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring timely flaw remediation through patching modelscope/agentscope to fix the path traversal vulnerability.

prevent

Prevents path traversal exploitation in save-workflow and load-workflow by enforcing input validation mechanisms to reject malicious directory traversal sequences.

prevent

Limits damage from successful path traversal by applying least privilege to restrict the application's filesystem access to only necessary directories and files.

References