Cyber Posture

CVE-2024-7776

Severity: Critical (Public PoC)

Published: 20 March 2025
Modified: 26 March 2025
KEV Added:
Patch:
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0526 (90.0th percentile)
Risk Priority: 21 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may modify host software binaries to establish persistent access to systems.

Security Summary

CVE-2024-7776 is a path traversal vulnerability (CWE-22) in the `download_model` function of the onnx/onnx framework, affecting versions up to and including 1.16.1. It stems from inadequate validation of the entries in downloaded tar files, so a malicious archive can overwrite arbitrary files in the user's directory when it is extracted.

The vulnerability has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H): network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, and high impact on integrity and availability (no confidentiality impact). A remote, unauthenticated attacker can exploit it by supplying a crafted tar file; the resulting arbitrary file overwrite may escalate to remote command execution depending on the target environment and which files are overwritten.

Advisories are available via the Huntr bounty report at https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63, which details the issue discovered in the onnx/onnx repository.

As ONNX is an open format for interoperable AI and machine learning models, this vulnerability is relevant to deployments involving model downloads in ML pipelines. No public information on real-world exploitation is available as of the CVE publication on 2025-03-20.
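The defensive counterpart to the flaw described above, added here as an illustration and not taken from the onnx project's code: before extracting a downloaded model archive, check that every tar member, and the target of every hard or symbolic link, resolves inside the destination directory, and refuse the whole archive otherwise. The function names (`unsafe_members`, `scan_archive`, `safe_extract`, `build_sample_archive`) and the sample archives are constructed for this example.

```python
"""Hardened tar extraction for downloaded model archives (CWE-22 check).

Added example, not onnx's code. Function names and sample data are
constructed for illustration; the check itself is the standard member-path
validation that a tar extractor needs before writing to disk.
"""
import io
import os
import tarfile
import tempfile


def _escapes(dest, relative_path):
    """True if `relative_path`, placed under `dest`, resolves outside `dest`."""
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, relative_path))
    return os.path.commonpath([dest_real, target]) != dest_real


def unsafe_members(tar, dest):
    """Return the names of members that would write outside `dest`.

    Regular entries are checked by name. Links are also checked by target:
    a symlink pointing outside `dest` lets a later member overwrite through
    it, so it is rejected even though its own name looks harmless.
    """
    bad = []
    for member in tar.getmembers():
        if os.path.isabs(member.name) or _escapes(dest, member.name):
            bad.append(member.name)
        elif member.issym() or member.islnk():
            # symlink targets are relative to the link's own directory,
            # hardlink targets are relative to the archive root
            base = os.path.dirname(member.name) if member.issym() else ""
            link_path = os.path.join(base, member.linkname)
            if os.path.isabs(member.linkname) or _escapes(dest, link_path):
                bad.append(member.name)
    return bad


def scan_archive(fileobj, dest):
    """Open a tar stream and report members that escape `dest` (no writes)."""
    fileobj.seek(0)
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        return unsafe_members(tar, dest)


def safe_extract(fileobj, dest):
    """Extract only if every member stays inside `dest`; else raise."""
    fileobj.seek(0)
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        bad = unsafe_members(tar, dest)
        if bad:
            raise ValueError(f"refusing to extract, members escape {dest!r}: {bad}")
        tar.extractall(dest)
        return [m.name for m in tar.getmembers()]


def build_sample_archive(entries):
    """Constructed sample: in-memory tar from (name, data) or (name, None, linkname)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data, *link in entries:
            info = tarfile.TarInfo(name)
            if link:
                info.type = tarfile.SYMTYPE
                info.linkname = link[0]
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    clean = build_sample_archive([("model.onnx", b"\x08\x07"),
                                  ("data/alias", None, "../model.onnx")])
    hostile = build_sample_archive([("model.onnx", b"\x08\x07"),
                                    ("../../outside.txt", b"x")])
    with tempfile.TemporaryDirectory() as dest:
        print("clean archive extracted:", safe_extract(clean, dest))
        print("hostile archive flagged:", scan_archive(hostile, dest))
```

From Python 3.12 (and the security backports to earlier 3.x releases) the standard library offers `tarfile.extractall(..., filter="data")`, which enforces the same class of checks; the explicit pre-scan above is useful where the interpreter version is not under your control or where you want to log the offending member names before rejecting the download.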

Details

CWE(s): CWE-22

Affected Products

onnx / onnx, versions ≤ 1.16.1

AI Security Analysis

AI Category: Deep Learning Frameworks
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: ONNX (Open Neural Network Exchange) is a framework and runtime for machine learning model interchange and inference, primarily used in deep learning pipelines across frameworks like PyTorch and TensorFlow.

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1554 Compromise Host Software Binary (tactic: Persistence)
Adversaries may modify host software binaries to establish persistent access to systems.

Why these techniques?

The path traversal in `download_model` allows a malicious tar file to overwrite arbitrary files on the host that downloads the model. That maps to exploitation for client execution (T1203), since the client pulling the model is the component exploited, and to compromise of host software binaries (T1554), since an overwritten binary or script on the host can provide persistence and potential remote code execution.

References