CVE-2024-8958 HIGH

CVE-2024-8958: Unrestricted File Write and Read in composiohq/composio

Vendor: Composiohq
Product: composiohq/composio
Weakness: CWE-434 · Unrestricted file upload
Published: March 20, 2025
Last update: March 20, 2025

CVSS base score

7.2/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution.

Key dates

02 Disclosure timeline

March 20, 2025: CVE published
March 20, 2025: Record updated