Cyber Posture

CVE-2024-8551

CriticalPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
01 August 2025
KEV Added
Patch
CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0030 53.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Security Summary

CVE-2024-8551 is a path traversal vulnerability (CWE-23) affecting the save-workflow and load-workflow functionality in modelscope/agentscope versions prior to the fixed release. Published on 2025-03-20, it allows attackers to read and write arbitrary JSON files on the filesystem, potentially exposing or modifying sensitive information such as configuration files, API keys, and hardcoded passwords. The issue carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high confidentiality and integrity impacts.

An unauthenticated remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction. By leveraging the flawed workflow save and load features, the attacker can traverse directories to access or alter any JSON file, enabling data exfiltration of secrets or injection of malicious configurations that could facilitate further compromise.

The Huntr advisory at https://huntr.com/bounties/e0c0c294-f1e2-4f2c-a632-a9be9fd06989 details the vulnerability and fix. Mitigation involves updating modelscope/agentscope to the patched version to address the path traversal flaw.

Details

CWE(s)
CWE-23

Affected Products

modelscope
agentscope
all versions

AI Security Analysis

AI Category
AI Agent Protocols and Integrations
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
MITRE ATLAS Techniques
None mapped
Classification Reason
The vulnerability affects AgentScope, a framework within ModelScope for building, deploying, and managing multi-agent AI systems, fitting AI agent protocols and integrations.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
attack.mitre.org →
Why these techniques?

Path traversal vulnerability enables exploitation of public-facing application (T1190) and reading arbitrary files to access unsecured credentials in configuration files, API keys, and hardcoded passwords (T1552.001).

References