Cyber Posture

CVE-2024-10361

CriticalPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
15 October 2025
KEV Added
Patch
CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.0007 21.6th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may delete files left behind by the actions of their intrusion activity.

Security Summary

CVE-2024-10361 is an arbitrary file deletion vulnerability in danny-avila/librechat version v0.7.5-rc2, affecting the /api/files endpoint due to improper input validation. This flaw enables path traversal attacks (CWE-22), allowing attackers to delete files outside the intended directory. The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), highlighting its critical severity with high impacts on integrity and availability but no confidentiality loss.

Remote attackers require no privileges or user interaction to exploit this over the network with low complexity. Successful exploitation lets them bypass security controls to delete arbitrary files, such as critical system files, user data, or application resources, potentially disrupting system integrity and availability.

Mitigation details are provided in the referenced GitHub commit (https://github.com/danny-avila/librechat/commit/0b744db1e2af31a531ffb761584d85540430639c), which addresses the issue, and the Huntr advisory (https://huntr.com/bounties/e811f7f7-9556-4564-82e2-5b3d17599b2d). Security practitioners should update to a patched version of LibreChat beyond v0.7.5-rc2 and validate inputs to prevent path traversal in file-handling endpoints.

Details

CWE(s)
CWE-22

Affected Products

librechat
librechat
0.7.5

AI Security Analysis

AI Category
Enterprise AI Assistants
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
MITRE ATLAS Techniques
None mapped
Classification Reason
LibreChat is an open-source AI chat platform (self-hosted ChatGPT alternative) supporting multiple LLMs like OpenAI and Ollama, fitting the Enterprise AI Assistants category. The vulnerability is in its /api/files endpoint, confirmed AI-related via AI/ML bug bounty platform (huntr.com).

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
attack.mitre.org →
Why these techniques?

The path traversal vulnerability in the public-facing /api/files endpoint of LibreChat enables exploitation of a public-facing application (T1190) and facilitates arbitrary file deletion for indicator removal and defense evasion (T1070.004).

References