Cyber Posture

CVE-2024-8999

Severity: High · Public PoC available

Published: 20 March 2025
Modified: 15 October 2025
KEV Added: not listed
Patch: not listed
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0040 (60.8th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Security Summary

CVE-2024-8999 is an improper access control vulnerability (CWE-862) in lunary-ai/lunary version 1.4.25. The flaw affects the POST /api/v1/data-warehouse/bigquery endpoint, which permits any user to export the entire database by creating a stream to Google BigQuery without requiring proper authentication or authorization. Published on 2025-03-20, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no requirements for privileges or user interaction.

Any network-accessible attacker can exploit this vulnerability without authentication. By sending a crafted POST request to the endpoint, they can establish a data stream that exfiltrates the full database contents to a Google BigQuery instance they control, potentially compromising sensitive information stored in Lunary deployments.

The vulnerability is addressed in lunary-ai/lunary version 1.4.26; operators running affected versions should upgrade immediately. Additional details are available in the fixing GitHub commit at https://github.com/lunary-ai/lunary/commit/aa0fd22952d1d84a717ae563eb1ab564d94a9e2b and in the Huntr bounty report at https://huntr.com/bounties/d42b7a44-0dcb-4ef0-b15c-d0e558da65c6.
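To make the CWE-862 shape concrete, the following is an added example, not code from the Lunary project or from the fixing commit. It models the export endpoint named in the advisory twice: once with no check on the caller (the behaviour the advisory describes) and once with the authentication, authorization and destination checks a defender would expect in front of a whole-database export. Only the route path comes from the advisory; the session object, the permission name, the allow-list of destination projects and the table names are hypothetical.

```javascript
// Added example (not Lunary's code): the export route from the advisory,
// unguarded versus guarded. Route path is from the advisory; the session
// shape, permission name and project allow-list are hypothetical.

const EXPORT_ROUTE = "POST /api/v1/data-warehouse/bigquery";

// Constructed stand-in for the tables the endpoint can stream out.
const DATABASE = { runs: 1200, users: 40, prompts: 310 };

// Hypothetical deployment setting: BigQuery projects operators have approved.
const ALLOWED_PROJECTS = new Set(["analytics-prod"]);

// Vulnerable shape: starts the export for whoever calls it, to wherever
// the request body says. This is the missing-authorization defect.
function exportUnguarded(req) {
  const projectId = req.body && req.body.projectId;
  return { status: 200, body: { project: projectId, tables: Object.keys(DATABASE) } };
}

// Hardened shape: authenticate, then authorize against an explicit
// capability, then validate the destination, and only then stream.
function exportGuarded(req) {
  const session = req.session;
  if (!session || !session.userId) {
    return { status: 401, body: { error: "authentication required" } };
  }
  const perms = Array.isArray(session.permissions) ? session.permissions : [];
  if (!perms.includes("data-warehouse:export")) {
    return { status: 403, body: { error: "missing permission data-warehouse:export" } };
  }
  const projectId = req.body && req.body.projectId;
  if (typeof projectId !== "string" || !ALLOWED_PROJECTS.has(projectId)) {
    return { status: 400, body: { error: "destination project is not on the allow-list" } };
  }
  return { status: 200, body: { project: projectId, tables: Object.keys(DATABASE) } };
}

// Tiny dispatcher so both handlers can be exercised with identical requests.
function dispatch(routes, method, path, req) {
  const handler = routes[`${method} ${path}`];
  if (!handler) return { status: 404, body: { error: "no such route" } };
  return handler(req);
}

const vulnerableRoutes = { [EXPORT_ROUTE]: exportUnguarded };
const hardenedRoutes = { [EXPORT_ROUTE]: exportGuarded };

// Constructed requests: an anonymous caller, a logged-in user without the
// export permission, an operator with it, and that operator naming a
// destination project that is not approved.
const anonymous = { session: null, body: { projectId: "attacker-project" } };
const viewer = {
  session: { userId: "u1", permissions: ["runs:read"] },
  body: { projectId: "analytics-prod" },
};
const operator = {
  session: { userId: "u2", permissions: ["data-warehouse:export"] },
  body: { projectId: "analytics-prod" },
};
const operatorBadDest = {
  session: { userId: "u2", permissions: ["data-warehouse:export"] },
  body: { projectId: "attacker-project" },
};

// Returns the HTTP status each scenario produces against each route table.
function runScenarios() {
  const call = (routes, req) =>
    dispatch(routes, "POST", "/api/v1/data-warehouse/bigquery", req).status;
  return {
    vulnerableAnonymous: call(vulnerableRoutes, anonymous), // 200: the defect
    hardenedAnonymous: call(hardenedRoutes, anonymous), // 401
    hardenedViewer: call(hardenedRoutes, viewer), // 403
    hardenedOperator: call(hardenedRoutes, operator), // 200
    hardenedOperatorBadDestination: call(hardenedRoutes, operatorBadDest), // 400
  };
}

console.log(runScenarios());
```

The ordering inside `exportGuarded` is deliberate: the identity check comes before the permission check, and both come before any request body is trusted, so an anonymous caller never reaches the code that names a destination. The destination allow-list is a second, independent layer; it limits the blast radius if a legitimate account is later compromised, which is a separate concern from the missing-authorization defect itself.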

Details

CWE(s): CWE-862, NVD-CWE-noinfo

Affected Products

Vendor: lunary
Product: lunary
Versions: ≤ 1.4.26

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Lunary (lunary-ai) is an open-source LLM observability and analytics platform used for monitoring and managing LLM applications in enterprise settings, fitting the Enterprise AI Assistants category.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.006 Databases (Collection): Adversaries may leverage databases to mine valuable information.
T1567.002 Exfiltration to Cloud Storage (Exfiltration): Adversaries may exfiltrate data to a cloud storage service rather than over their primary command and control channel.

Why these techniques?

The improper access control vulnerability in the API endpoint enables exploitation of a public-facing application (T1190), facilitates unauthorized collection of data from the database (T1213.006), and allows exfiltration of the entire database to Google BigQuery cloud storage (T1567.002).