
CVE-2024-9431

Severity: High · Public PoC available

Published: 20 March 2025
Modified: 15 October 2025
KEV Added: not listed
CVSS v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.0010 (28.0th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-9431 is a high-severity Unverified Password Change (CWE-620) vulnerability in SuperAGI (vendor and product both listed as "superagi"; repository transformeroptimus/superagi). Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Account Manipulation (T1098). EPSS ranks it at the 28.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-9431 is classified as CWE-620 (Unverified Password Change); the advisory describes it as an improper privilege management flaw. It affects version v0.0.14 of transformeroptimus/superagi. The flaw allows any authenticated user to change the passwords of other users, enabling account takeover. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): network-reachable, low attack complexity, only low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability within the application's own scope.

An attacker with low-privilege access, such as a standard authenticated user, can exploit this vulnerability remotely over the network without any user interaction. Because the password-change operation does not check that the caller is authorized to act on the target account, the attacker can reset the passwords of higher-privilege accounts or any other user, achieving full account takeover and potentially escalating control over the system.
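To make the flaw concrete, the following is an added example and not SuperAGI's code: the user store, session model, handler names and request shape are all hypothetical and constructed to run offline. It places the unverified pattern beside a hardened handler. The hardened version applies the least-privilege idea from the mitigating controls: the target defaults to the caller's own account, only an admin may name another user, and the caller must re-prove their current password before anything is rotated.

```python
"""Unverified password change (CWE-620): vulnerable handler beside a hardened one.

Added example, not SuperAGI's code. The user store, session model and request
bodies are constructed here so the file runs offline; the endpoint shape is
hypothetical.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000  # kept modest so the example runs quickly


@dataclass
class User:
    user_id: int
    email: str
    is_admin: bool
    salt: bytes
    pw_hash: bytes


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def set_password(user: User, password: str) -> None:
    user.salt = secrets.token_bytes(16)
    user.pw_hash = hash_password(password, user.salt)


def verify_password(user: User, password: str) -> bool:
    return hmac.compare_digest(user.pw_hash, hash_password(password, user.salt))


def build_users() -> dict[int, User]:
    """Constructed sample store: one admin (alice) and one ordinary user (bob)."""
    users = {}
    for uid, email, admin, pw in [(1, "alice@example.com", True, "alice-pw"),
                                  (2, "bob@example.com", False, "bob-pw")]:
        u = User(uid, email, admin, b"", b"")
        set_password(u, pw)
        users[uid] = u
    return users


def find_by_email(users: dict[int, User], email: str) -> User | None:
    return next((u for u in users.values() if u.email == email), None)


def change_password_vulnerable(users, session_user_id, body) -> int:
    """The flawed pattern: the target is taken from the request body, the
    caller's current password is never checked, and the session only proves
    that *someone* is logged in. Any authenticated user can reset anyone."""
    if session_user_id not in users:
        return 401
    target = find_by_email(users, body["email"])
    if target is None:
        return 404
    set_password(target, body["new_password"])
    return 200


def change_password_hardened(users, session_user_id, body) -> int:
    """Target defaults to the session user; only admins may name another user;
    the caller must prove knowledge of their own current password first."""
    actor = users.get(session_user_id)
    if actor is None:
        return 401
    target = actor
    email = body.get("email")
    if email and email != actor.email:
        if not actor.is_admin:
            return 403  # ordinary user naming someone else's account
        target = find_by_email(users, email)
        if target is None:
            return 404
    if not verify_password(actor, body.get("current_password", "")):
        return 401  # re-authentication failed
    set_password(target, body["new_password"])
    return 200


def demo() -> dict[str, tuple[int, bool]]:
    """bob (ordinary user) tries to take over alice (admin) through both handlers.
    Returns {handler: (HTTP status, did alice's password become 'pwned')}."""
    attack = {"email": "alice@example.com", "new_password": "pwned",
              "current_password": "bob-pw"}
    results = {}
    for name, handler in [("vulnerable", change_password_vulnerable),
                          ("hardened", change_password_hardened)]:
        users = build_users()  # fresh store per run so the runs don't interact
        status = handler(users, 2, dict(attack))
        results[name] = (status, verify_password(users[1], "pwned"))
    return results


if __name__ == "__main__":
    print(demo())  # {'vulnerable': (200, True), 'hardened': (403, False)}
```

The two handlers differ in exactly the checks a reviewer should look for in any password-change route: where the target identity comes from (session, not request), who may name a different target (an explicit admin branch), and whether the caller re-authenticates before a credential is rotated.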

The primary advisory is the Huntr.com bounty report at https://huntr.com/bounties/9b33d7c1-ed0a-4f5b-a378-694570fd990b, which details the issue discovered in transformeroptimus/superagi v0.0.14. This page does not name a fixed version; consult that reference for patches, workarounds, or updated releases addressing the vulnerability.


Vulnerability details

In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover.

CWE(s)

CWE-620 Unverified Password Change

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1098 Account Manipulation (tactic: Persistence)
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
Why these techniques?

The improper privilege management vulnerability allows authenticated users to change other users' passwords, directly enabling account manipulation (T1098) for account takeover.
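If this instance was exposed while vulnerable, the practical question is whether anyone used it. The following is an added example, not SuperAGI's code: the audit-log format is a constructed, hypothetical JSON-lines shape, so the field names must be adapted to whatever the real deployment logs. It flags the T1098 signal this flaw produces, a non-admin actor changing a password on an account other than their own, and groups hits by actor to spot one account spraying resets.

```python
"""Hunting for cross-account password changes (ATT&CK T1098).

Added example, not SuperAGI's code. The audit-log format below is constructed
and hypothetical: one JSON object per line from a password-change endpoint.
"""
from __future__ import annotations

import json
from collections import defaultdict

# Constructed sample log. Line 2 and line 5 are the exploitation pattern:
# actor 2 (an ordinary user) resets accounts 1 and 3. Line 3 is an admin reset
# and the last line is deliberately malformed.
SAMPLE_LOG = """\
{"ts": "2025-03-20T10:01:02Z", "event": "password_change", "actor_id": 2, "actor_role": "user", "target_id": 2, "src_ip": "10.0.0.5"}
{"ts": "2025-03-20T10:03:44Z", "event": "password_change", "actor_id": 2, "actor_role": "user", "target_id": 1, "src_ip": "10.0.0.5"}
{"ts": "2025-03-20T10:04:10Z", "event": "password_change", "actor_id": 1, "actor_role": "admin", "target_id": 3, "src_ip": "10.0.0.9"}
{"ts": "2025-03-20T10:05:00Z", "event": "login", "actor_id": 2, "actor_role": "user", "src_ip": "10.0.0.5"}
{"ts": "2025-03-20T10:05:30Z", "event": "password_change", "actor_id": 2, "actor_role": "user", "target_id": 3, "src_ip": "10.0.0.5"}
not json at all
"""


def parse_events(text: str) -> list[dict]:
    """Parse JSON lines, skipping malformed ones rather than aborting the hunt."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def cross_account_changes(events: list[dict]) -> list[dict]:
    """Password changes where a non-admin actor touched someone else's account.
    Under a correctly enforced model these never occur; with a flaw like
    CVE-2024-9431 they are the exploitation signal."""
    hits = []
    for e in events:
        if e.get("event") != "password_change":
            continue
        if e.get("actor_id") == e.get("target_id"):
            continue  # self-service change, expected
        if e.get("actor_role") == "admin":
            continue  # privileged reset; review separately, not flagged here
        hits.append(e)
    return hits


def victims_by_actor(hits: list[dict]) -> dict[int, set[int]]:
    """Group flagged events by actor so one account resetting many stands out."""
    out: dict[int, set[int]] = defaultdict(set)
    for e in hits:
        out[e["actor_id"]].add(e["target_id"])
    return dict(out)


if __name__ == "__main__":
    hits = cross_account_changes(parse_events(SAMPLE_LOG))
    for h in hits:
        print(f"{h['ts']} actor={h['actor_id']} ({h['actor_role']}) "
              f"reset target={h['target_id']} from {h['src_ip']}")
    print(victims_by_actor(hits))  # {2: {1, 3}}
```

Admin-initiated resets are excluded from the flagged set on purpose: they are legitimate under AC-2, but a spike in them after the disclosure date is still worth a separate look, since a taken-over admin account would produce exactly that.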

CVEs Like This One

CVE-2026-40588 (shared CWE-620)
CVE-2026-24443 (shared CWE-620)
CVE-2026-27757 (shared CWE-620)
CVE-2026-24440 (shared CWE-620)
CVE-2025-1107 (shared CWE-620)
CVE-2026-42084 (shared CWE-620)
CVE-2024-45647 (shared CWE-620)
CVE-2024-12860 (shared CWE-620)
CVE-2024-13375 (shared CWE-620)
CVE-2026-30458 (shared CWE-620)

Affected Assets

Vendor: superagi
Product: superagi
Version: 0.0.14

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

AC-6 Least Privilege (prevent)

Least privilege directly prevents authenticated users from holding the unnecessary permission to change other users' passwords, addressing the core flaw: the password-change operation should act only on the caller's own account unless an explicitly privileged role is present.

AC-2 Account Management (prevent)

Account management requires defined procedures and approvals for modifying accounts, ensuring only authorized personnel can change other users' passwords.

IA-5 Authenticator Management (prevent)

Authenticator management protects password content from unauthorized modification, mitigating the ability of low-privilege users to reset others' passwords.

References

https://huntr.com/bounties/9b33d7c1-ed0a-4f5b-a378-694570fd990b (Huntr.com bounty report for transformeroptimus/superagi v0.0.14)