CVE-2024-7760

CriticalPublic PoC

Published: 20 March 2025

Published

20 March 2025

Modified

21 July 2025

KEV Added

—

Patch

—

CVSS Score 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score 0.0023 45.5th percentile

Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2024-7760 is a Cross-Site Request Forgery (CSRF) vulnerability in aimhubio/aim version 3.22.0, affecting the tracking server component. The flaw arises from overly permissive CORS settings that allow cross-origin requests from all origins, enabling CSRF attacks on all endpoints of the tracking server. Published on 2025-03-20, it carries a CVSS score of 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) and maps to CWE-352.

The vulnerability can be exploited by remote attackers with network access and no privileges required, though it relies on user interaction such as visiting a malicious webpage. This setup allows attackers to forge requests from a victim's browser to the tracking server, performing unauthorized actions on the user's behalf across all endpoints. Exploitation can be chained with other existing vulnerabilities in the software to achieve remote code execution, denial of service, or arbitrary file read/write capabilities.

Mitigation details and additional advisory information are available in the Huntr bounty report at https://huntr.com/bounties/2038df5f-4829-4040-8573-67bf9bb89229.

Details

CWE(s): CWE-352

Affected Products

aimstack

aim

3.22.0

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Aim (aimhubio/aim) is an open-source experiment tracking platform for AI/ML workflows, fitting 'Other Platforms' as it supports ML experiment management but does not match specific framework/library categories.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

CSRF vulnerability due to overly permissive CORS in the tracking server enables exploitation of a public-facing web application, facilitating unauthorized cross-origin requests to all endpoints that can chain to RCE, DoS, and arbitrary file read/write.

References

https://huntr.com/bounties/2038df5f-4829-4040-8573-67bf9bb89229
Exploit, Third Party Advisory · security@huntr.dev