CVE-2024-7034

CVSS 3.0 Score 6.5 of 10 (medium)

Details

Published Mar 20, 2025
CWE ID 22

Summary

CVE-2024-7034 is a vulnerability affecting open-webui version 0.3.8. The issue lies in the `/models/upload` endpoint, which is susceptible to arbitrary file writing due to insufficient input validation. An attacker can exploit this by crafting malicious filenames containing directory traversal sequences. The resulting `file_path` may escape the intended `UPLOAD_DIR`, enabling the attacker to overwrite arbitrary files on the system. This can result in unauthorized modifications of critical system binaries, configuration files, or sensitive data, potentially leading to remote command execution.
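The flaw class described in the summary, as an added Python example that is not open-webui's code: a client-supplied filename joined to `UPLOAD_DIR` without checks, beside a hardened resolver that keeps only the final path component and verifies containment after symlink resolution. The function names and sample filenames are hypothetical and constructed for illustration; Python 3.9+ is assumed for `Path.is_relative_to`.

```python
import os
import tempfile
from pathlib import Path


def naive_upload_path(upload_dir: str, filename: str) -> str:
    """Assumed shape of the flaw: the filename is joined to the upload dir unchecked.

    "../" segments climb out of upload_dir, and an absolute filename makes
    os.path.join discard upload_dir entirely.
    """
    return os.path.normpath(os.path.join(upload_dir, filename))


def safe_upload_path(upload_dir: str, filename: str) -> Path:
    """Hardened form: basename only, then a containment check on the real path."""
    base = Path(upload_dir).resolve()
    # Treat backslashes as separators so Windows-style names are reduced too.
    name = Path(filename.replace("\\", "/")).name
    if name in ("", ".", ".."):
        raise ValueError("invalid upload filename")
    candidate = (base / name).resolve()
    # resolve() follows symlinks, so a link planted inside the upload dir that
    # points elsewhere is rejected here even though its name looks harmless.
    if not candidate.is_relative_to(base):
        raise ValueError("path escapes upload directory")
    return candidate


if __name__ == "__main__":
    # Constructed sample filenames; the upload dir is a throwaway temp dir.
    with tempfile.TemporaryDirectory() as tmp:
        upload_dir = os.path.join(tmp, "uploads")
        os.mkdir(upload_dir)
        for sample in ("model.gguf", "../../etc/cron.d/job", "/etc/passwd", ".."):
            naive = naive_upload_path(upload_dir, sample)
            try:
                safe = str(safe_upload_path(upload_dir, sample))
            except ValueError as exc:
                safe = f"rejected ({exc})"
            print(f"{sample!r}\n  naive: {naive}\n  safe:  {safe}")
```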
