CVE-2024-7776

9.1 CRITICAL

📋 TL;DR

A path traversal vulnerability in the ONNX framework's download_model function allows attackers to overwrite arbitrary files by exploiting malicious tar archives. This affects users of ONNX versions up to 1.16.1 who download models from untrusted sources, potentially leading to remote code execution.

💻 Affected Systems

Products:
  • ONNX (Open Neural Network Exchange)
Versions: All versions up to and including 1.16.1
Operating Systems: All platforms running ONNX
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when downloading models via the download_model function from untrusted sources.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote command execution with the privileges of the ONNX process, potentially leading to full system compromise.

🟠 Likely Case

Arbitrary file overwrite in the user's directory, enabling data corruption, privilege escalation, or persistence mechanisms.

🟢 If Mitigated

Limited to file corruption in isolated environments with strict file permissions and no sensitive data in accessible directories.

🌐 Internet-Facing: HIGH - Exploitable via downloading models from untrusted sources, which is common in ML workflows.
🏢 Internal Only: MEDIUM - Requires user interaction to download malicious content, but internal threat actors could exploit it.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the user to download a malicious tar file, but the vulnerability itself is straightforward to trigger.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.16.2 and later

Vendor Advisory: https://github.com/onnx/onnx/security/advisories

Restart Required: No

Instructions:

1. Update ONNX using pip: 'pip install --upgrade "onnx>=1.16.2"' (quote the requirement so the shell does not treat '>' as an output redirect).
2. Verify the update with 'pip show onnx'.
3. No restart is required, as it is a library update.

🔧 Temporary Workarounds

Validate tar file contents

all

Manually inspect and validate tar file contents before extraction in the download_model function.

# Custom validation script required - no single command

Use trusted model sources only

all

Restrict model downloads to verified, trusted repositories and sources.

🧯 If You Can't Patch

  • Implement strict file permissions to limit write access to critical directories.
  • Monitor and audit file system changes in directories where ONNX downloads models.

🔍 How to Verify

Check if Vulnerable:

Check ONNX version with 'pip show onnx' or 'python -c "import onnx; print(onnx.__version__)"'. If version is <=1.16.1, the system is vulnerable.

Check Version:

python -c "import onnx; print(onnx.__version__)"

Verify Fix Applied:

After updating, verify version is >=1.16.2 using the same commands.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file writes outside expected model directories
  • Tar extraction errors or warnings in application logs

Network Indicators:

  • Downloads of tar files from untrusted sources to ONNX applications

SIEM Query:

source="application_logs" AND ("tar extraction" OR "download_model") AND ("path traversal" OR "../")
