Cyber Resilience

CVE-2024-9415

Severity: High · Public PoC

Published: 20 March 2025
Modified: 29 July 2025
KEV Added: not listed
Patch: not listed
CVSS Score (v3): 8.8 (vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0274 (86.3rd percentile)
Risk Priority: 19 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-9415 is a high-severity Path Traversal (CWE-22) vulnerability in SuperAGI (transformeroptimus/superagi). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 13.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. The flaw, classified as CWE-22, permits an attacker to supply crafted paths during upload operations, enabling arbitrary file placement on the underlying server. It carries a CVSS 3.0 base score of 8.8.

An authenticated remote attacker with low privileges can exploit the issue over the network without user interaction. Successful exploitation can result in remote code execution or the overwrite of arbitrary files on the server.

The associated EPSS score rose from lower values after public disclosure to a peak of 0.0523 on 2026-04-29 before receding to the current value of 0.0274, indicating a period of increased exploitation interest.

Vulnerability details

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the server.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

The path traversal in the file upload function enables arbitrary file writes on the server (T1190: Exploit Public-Facing Application), which in turn facilitates remote code execution through web shell deployment (T1505.003: Web Shell) or the overwrite of existing files.

Affected Assets

Vendor: superagi
Product: superagi
Version: 0.0.14

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-22: validates pathnames and filenames to prevent traversal outside intended directories.
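The control above, implemented for a Python upload handler as an added defensive example (this is not SuperAGI's code): the weak join pattern that underlies CWE-22 sits beside a hardened version that allow-lists the filename and then proves the resolved destination is still inside the upload directory. The upload directory and filenames are constructed for illustration.

```python
"""Hardened destination-path handling for a file upload endpoint (CWE-22).

Added example, not SuperAGI code. Assumes uploads are stored under one fixed
directory and the client controls only the filename (upload_dir is constructed).
"""
import os
import re
from pathlib import Path

# Allow-list for stored filenames. Anything else is rejected outright rather than
# "cleaned": no separators, no leading dot, no empty name, bounded length.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def naive_upload_path(upload_dir: str, filename: str) -> str:
    """The weak pattern: join the client-supplied name straight under upload_dir.

    os.path.join keeps '..' segments and discards upload_dir entirely when
    filename is absolute, so the result may point outside the upload directory.
    """
    return os.path.join(upload_dir, filename)


def safe_upload_path(upload_dir: str, filename: str) -> Path:
    """Return a destination path guaranteed to sit directly in upload_dir, or raise."""
    base = Path(upload_dir).resolve()
    if not _SAFE_NAME.fullmatch(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    dest = (base / filename).resolve()
    # Defence in depth: containment is re-checked on the resolved path, so a
    # symlinked upload directory or a future allow-list mistake still fails closed.
    if dest.parent != base:
        raise ValueError(f"destination escapes upload dir: {dest}")
    return dest


def is_contained(upload_dir: str, candidate: str) -> bool:
    """Audit helper: does a candidate path (after resolving '..') stay under upload_dir?"""
    base = Path(upload_dir).resolve()
    target = Path(candidate).resolve()
    return target == base or base in target.parents


if __name__ == "__main__":
    # Constructed sample names a handler might receive; the hardened function
    # accepts only the first one.
    for name in ["report.txt", "../outside.txt", "/abs/elsewhere.txt", ".hidden"]:
        try:
            print("accepted:", safe_upload_path("/srv/uploads", name))
        except ValueError as exc:
            print("rejected:", exc)
```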

References