CVE-2024-8551 CRITICAL

CVE-2024-8551: Path Traversal in modelscope/agentscope

Vendor Modelscope
Product modelscope/agentscope
Weakness CWE-23
Published March 20, 2025
Last update October 15, 2025

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of sensitive information such as configuration files, API keys, and hardcoded passwords.

Key dates

02Disclosure timeline

March 20, 2025 CVE published
October 15, 2025 Record updated