CVE-2024-7034
Published: 20 March 2025
Description
Adversaries may modify host software binaries to establish persistent access to systems.
Security Summary
CVE-2024-7034 is a directory traversal vulnerability (CWE-22) in open-webui version 0.3.8 that enables arbitrary file writes. The issue affects the `/models/upload` endpoint, where user-supplied filenames are not validated or sanitized before use in path construction. Specifically, the code sets `file_path = f"{UPLOAD_DIR}/{file.filename}"`, allowing attackers to manipulate the `file.filename` parameter with traversal sequences to escape the intended upload directory.
Attackers require network access and high privileges (PR:H per CVSS v3.1 score of 7.2: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) to exploit this unauthenticated endpoint. By crafting a malicious filename, such as one containing `../` sequences, they can overwrite arbitrary files outside `UPLOAD_DIR`, including system binaries, configuration files, or sensitive data. This could enable unauthorized modifications and potentially lead to remote command execution.
Mitigation details are available in the Huntr advisory at https://huntr.com/bounties/711beada-10fe-4567-9278-80a689da8613, published on 2025-03-20.
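The path construction quoted above, next to one way to constrain it, as an added example (not open-webui's code and not the project's actual fix). The UPLOAD_DIR value, the function names and the reject-on-separator policy are assumptions made for illustration.

```python
import os
from pathlib import Path

UPLOAD_DIR = "/srv/app/uploads"  # constructed value, not the project's real path


def unsafe_upload_path(filename: str) -> str:
    """Path construction as quoted in the advisory: no validation at all."""
    return f"{UPLOAD_DIR}/{filename}"


def escapes_upload_dir(path: str) -> bool:
    """True if the normalised path lands outside UPLOAD_DIR (useful as a log check)."""
    root = os.path.normpath(UPLOAD_DIR)
    return os.path.commonpath([root, os.path.normpath(path)]) != root


def safe_upload_path(filename: str) -> Path:
    """Accept only a bare file name and confirm the result stays in UPLOAD_DIR.

    Assumed policy: reject any name that carries directory components
    instead of silently rewriting it, so the attempt is visible to the caller.
    """
    # Treat backslashes as separators so Windows-style names are caught too.
    normalised = filename.replace("\\", "/")
    name = os.path.basename(normalised)
    if name != normalised or name in ("", ".", "..") or "\x00" in name:
        raise ValueError(f"rejected upload filename: {filename!r}")

    root = Path(UPLOAD_DIR).resolve()
    candidate = (root / name).resolve()
    # resolve() follows symlinks, so a link inside UPLOAD_DIR that points
    # elsewhere is rejected here as well.
    if candidate.parent != root:
        raise ValueError(f"upload path escapes {root}: {filename!r}")
    return candidate


if __name__ == "__main__":
    for sample in ("model.gguf", "../outside.txt"):  # constructed inputs
        joined = unsafe_upload_path(sample)
        print(sample, "->", joined, "escapes:", escapes_upload_dir(joined))
```

The same `escapes_upload_dir` check can be run over logged upload filenames to find requests that would have written outside the upload directory.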
AI Security Analysis
- AI Category: Enterprise AI Assistants
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: Open WebUI is a self-hosted web interface for managing and interacting with large language models (LLMs), functioning as an AI assistant platform. The vulnerability is in the `/models/upload` endpoint, directly related to AI model handling.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Directory traversal in `/models/upload` enables exploitation of a public-facing web application (T1190) for arbitrary file writes, allowing system binaries and configuration files to be overwritten to compromise host software (T1554), potentially leading to RCE.