CVE-2024-8551
Published: 20 March 2025
Summary
CVE-2024-8551 is a critical-severity Relative Path Traversal (CWE-23) vulnerability in Modelscope Agentscope. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Privacy and Disclosure risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by requiring timely flaw remediation through patching modelscope/agentscope to fix the path traversal vulnerability.
Prevents path traversal exploitation in save-workflow and load-workflow by enforcing input validation mechanisms to reject malicious directory traversal sequences.
Limits damage from successful path traversal by applying least privilege to restrict the application's filesystem access to only necessary directories and files.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal vulnerability enables exploitation of public-facing application (T1190) and reading arbitrary files to access unsecured credentials in configuration files, API keys, and hardcoded passwords (T1552.001).
NVD Description
A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification…
more
of sensitive information such as configuration files, API keys, and hardcoded passwords.
Deeper analysisAI
CVE-2024-8551 is a path traversal vulnerability (CWE-23) affecting the save-workflow and load-workflow functionality in modelscope/agentscope versions prior to the fixed release. Published on 2025-03-20, it allows attackers to read and write arbitrary JSON files on the filesystem, potentially exposing or modifying sensitive information such as configuration files, API keys, and hardcoded passwords. The issue carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high confidentiality and integrity impacts.
An unauthenticated remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction. By leveraging the flawed workflow save and load features, the attacker can traverse directories to access or alter any JSON file, enabling data exfiltration of secrets or injection of malicious configurations that could facilitate further compromise.
The Huntr advisory at https://huntr.com/bounties/e0c0c294-f1e2-4f2c-a632-a9be9fd06989 details the vulnerability and fix. Mitigation involves updating modelscope/agentscope to the patched version to address the path traversal flaw.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- The vulnerability affects AgentScope, a framework within ModelScope for building, deploying, and managing multi-agent AI systems, fitting AI agent protocols and integrations.