CVE-2024-8958
Published: 20 March 2025
Summary
CVE-2024-8958 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Composio (composiohq/composio). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 20.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly addresses the improper validation of file paths by requiring checks on information inputs to block path traversal attacks enabling arbitrary file read/write.
Restricts file path inputs to organization-defined safe locations, preventing attackers from specifying arbitrary paths to access or modify files anywhere on the server.
Enforces least privilege on processes handling file operations, limiting the scope of damage from successful arbitrary file read/write or potential privilege escalation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remote unauthenticated path traversal flaw in a public-facing application enabling arbitrary file read/write, directly mapping to T1190 for initial access and facilitating T1005 for collecting data from the local system.
NVD Description
In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution.
Deeper analysis
CVE-2024-8958 is an unrestricted file write and read vulnerability in the filetools actions of composiohq/composio version 0.4.3. The issue stems from improper validation of file paths, enabling attackers to access and modify files anywhere on the server. Published on 2025-03-20, it is associated with CWE-434 and carries a CVSS score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to high impacts on confidentiality, integrity, and availability.
Remote unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By manipulating file paths in filetools actions, they can read sensitive files or write arbitrary content, potentially achieving privilege escalation or remote code execution on the affected server.
Mitigation details are available in the advisory published on Huntr at https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68. Security practitioners should review this reference for patch information and remediation steps specific to composio version 0.4.3.
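The following is an added illustration of the flaw class and of the SI-10 / SI-9 style control described above; it is not composio's code and does not reproduce the affected filetools actions. The sandbox directory, file names and helper names (unsafe_join, resolve_within, read_text_within, demo) are constructed for the example.

```python
import os
import tempfile
from pathlib import Path

class UnsafePathError(ValueError):
    """Raised when a requested path would leave the permitted directory."""

def unsafe_join(base_dir: str, user_path: str) -> str:
    # The pattern the advisory describes: a user-controlled path joined to a base
    # directory with no validation. os.path.join drops base_dir entirely when
    # user_path is absolute, and "../" segments are never checked.
    return os.path.join(base_dir, user_path)

def resolve_within(base_dir: str, user_path: str) -> Path:
    """Confine user_path to base_dir: validate the input (SI-10) and restrict it
    to one permitted location (SI-9). Resolving collapses '..' and follows
    symlinks, so containment is decided on the real location, not the string."""
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()  # an absolute user_path replaces base
    if candidate != base and base not in candidate.parents:
        raise UnsafePathError(f"path escapes {base}: {user_path!r}")
    return candidate

def read_text_within(base_dir: str, user_path: str) -> str:
    return resolve_within(base_dir, user_path).read_text()

def demo() -> dict:
    """Constructed sandbox exercising both helpers; returns the outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        sandbox = root / "workspace"
        sandbox.mkdir()
        (sandbox / "notes.txt").write_text("inside sandbox")
        (root / "secret.txt").write_text("outside sandbox")  # constructed file outside the sandbox
        outside = str(root / "secret.txt")
        results = {}
        # Unvalidated join: a traversal and an absolute path both land on secret.txt.
        results["unsafe_traversal"] = os.path.realpath(unsafe_join(str(sandbox), "../secret.txt")) == outside
        results["unsafe_absolute"] = unsafe_join(str(sandbox), outside) == outside
        # Confined helper: the legitimate read works, both escapes are rejected.
        results["safe_read"] = read_text_within(str(sandbox), "notes.txt")
        for label, path in (("traversal", "../secret.txt"), ("absolute", outside)):
            try:
                read_text_within(str(sandbox), path)
                results[label] = "allowed"
            except UnsafePathError:
                results[label] = "rejected"
        return results
```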
Details
- CWE(s)