CVE-2024-8958 – This vulnerability allows attackers to read and... (How to Fix)

📋 TL;DR

This vulnerability allows attackers to read and write arbitrary files on servers running composiohq/composio version 0.4.3 due to improper path validation in filetools actions. This affects any system using the vulnerable version of the composio software, potentially leading to complete system compromise.

💻 Affected Systems

Products:

composiohq/composio

Versions: 0.4.3

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Any deployment using the vulnerable filetools actions is affected regardless of configuration.

📦 What is this software?

Composio by Composio

View all CVEs affecting Composio →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through remote code execution, data exfiltration, privilege escalation to root/admin, and persistent backdoor installation.

🟠

Likely Case

Unauthorized file access leading to sensitive data exposure, configuration file modification, or web shell deployment for further attacks.

🟢

If Mitigated

Limited impact if proper file system permissions, network segmentation, and input validation are in place, though risk remains elevated.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires access to the filetools actions endpoint but no authentication. Public proof-of-concept exists on huntr.com.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.4.4 or later

Vendor Advisory: https://huntr.com/bounties/e152b094-0593-428e-b813-068d2390ce68

Restart Required: Yes

Instructions:

1. Update composio to version 0.4.4 or later using pip: pip install --upgrade composio>=0.4.4
2. Restart all composio services and applications
3. Verify the update was successful

🔧 Temporary Workarounds

Disable filetools actions

all

Temporarily disable or remove the vulnerable filetools actions module until patching is possible.

# Remove or comment out filetools actions in your composio configuration

Restrict network access

linux

Limit network access to composio endpoints to trusted IP addresses only.

# Use firewall rules to restrict access
# Example for Linux iptables:
iptables -A INPUT -p tcp --dport [composio_port] -s [trusted_ip] -j ACCEPT
iptables -A INPUT -p tcp --dport [composio_port] -j DROP

🧯 If You Can't Patch

Implement strict file system permissions to limit composio's write access to necessary directories only.
Deploy network segmentation to isolate composio instances from sensitive systems and implement WAF rules to block suspicious file path patterns.

🔍 How to Verify

Check if Vulnerable:

Check if composio version is 0.4.3 by running: pip show composio | grep Version

Check Version:

pip show composio | grep Version

Verify Fix Applied:

Verify version is 0.4.4 or later: pip show composio | grep Version
Test filetools actions with malicious paths to confirm they're rejected.

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns in composio logs
Requests to filetools actions with path traversal patterns (../, absolute paths)
Failed file operations outside expected directories

Network Indicators:

HTTP requests to composio endpoints containing path traversal sequences
Unusual outbound file transfers from composio servers

SIEM Query:

source="composio.log" AND ("filetools" OR "path traversal" OR "../")

📊 Metadata

CVE ID: CVE-2024-8958

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-434

EPSS Score: 1.15% exploit probability (78.1th percentile)

Published: March 20, 2025

Last Updated: April 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-8958, you might also want to check these: