CVE-2024-9415

8.8 HIGH

📋 TL;DR

A path traversal vulnerability in transformeroptimus/superagi version 0.0.14 allows attackers to upload arbitrary files to any location on the server. This can lead to remote code execution or file overwriting attacks. Organizations using this specific version of the superagi software are affected.

💻 Affected Systems

Products:
  • transformeroptimus/superagi
Versions: 0.0.14
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 0.0.14 is confirmed affected; earlier versions may also be vulnerable, but this has not been confirmed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise through remote code execution, data destruction via file overwriting, or persistent backdoor installation.

🟠 Likely Case

Unauthorized file upload leading to web shell deployment, sensitive file access, or denial of service through critical file corruption.

🟢 If Mitigated

Limited impact with proper file upload validation, restricted permissions, and network segmentation preventing exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of path traversal techniques and file upload mechanisms.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.0.15 or later

Vendor Advisory: https://huntr.com/bounties/31bdf98c-5205-4c48-9bc7-9e780ba63398

Restart Required: No

Instructions:

1. Update superagi to version 0.0.15 or later using pip: pip install --upgrade superagi
2. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable file upload functionality (applies to: all)

Temporarily disable the vulnerable file upload feature until patching is possible.

Implement file upload validation (applies to: all)

Add server-side validation to restrict file uploads to safe locations and extensions.
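As an added example (not SuperAGI project code), a server-side destination check of the kind the workaround above calls for: it assumes uploads must land under one fixed directory (UPLOAD_ROOT) and match an extension allow-list (ALLOWED_SUFFIXES), both constructed here, and that the web framework has already URL-decoded the client-supplied name.

```python
# Added example, not SuperAGI code: hardened upload-destination check that
# rejects the traversal pattern behind CVE-2024-9415 before any file is written.
from pathlib import Path, PurePosixPath

UPLOAD_ROOT = Path("/var/lib/superagi/uploads")      # hypothetical upload directory
ALLOWED_SUFFIXES = {".txt", ".csv", ".json", ".pdf"}   # hypothetical allow-list


def safe_upload_path(filename: str, upload_root: Path = UPLOAD_ROOT) -> Path:
    """Return the resolved destination for *filename* inside *upload_root*.

    A relative sub-directory (e.g. "agent1/notes.csv") is allowed; anything
    absolute, containing "..", a NUL byte, or a disallowed extension raises
    ValueError. Callers must open only the returned path, never the raw name.
    """
    if not filename or "\x00" in filename:
        raise ValueError("empty or NUL-containing filename")

    # Treat backslashes as separators so a Windows-style "..\\" sequence
    # cannot slip through as a single odd filename component.
    relative = PurePosixPath(filename.replace("\\", "/"))
    if relative.is_absolute():
        raise ValueError(f"absolute path rejected: {filename!r}")

    parts = [p for p in relative.parts if p != "."]
    if not parts or any(p == ".." for p in parts):
        raise ValueError(f"traversal or empty path rejected: {filename!r}")

    if relative.suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"extension not allowed: {filename!r}")

    # Resolve both sides so a symlink planted under the root cannot redirect
    # the write; compare path components, not string prefixes, so a sibling
    # such as ".../uploads_evil" is not mistaken for the root.
    root = upload_root.resolve()
    dest = root.joinpath(*parts).resolve()
    if root not in dest.parents:
        raise ValueError(f"destination escapes upload root: {dest}")
    return dest


def is_safe_upload(filename: str, upload_root: Path = UPLOAD_ROOT) -> bool:
    """Boolean wrapper for logging or tests: True only if the name is accepted."""
    try:
        safe_upload_path(filename, upload_root)
        return True
    except ValueError:
        return False
```

In a request handler the result of safe_upload_path is the only path that should reach open() or shutil; a rejected name is worth logging as a traversal attempt for the detection rules further down this page.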

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure to trusted sources only.
  • Deploy web application firewall (WAF) rules to detect and block path traversal attempts.

🔍 How to Verify

Check if Vulnerable:

Check the installed superagi version: pip show superagi | grep Version

Check Version:

pip show superagi | grep Version

Verify Fix Applied:

Confirm version is 0.0.15 or later: pip show superagi | grep Version

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload attempts with directory traversal sequences (../)
  • File writes to unexpected server locations

Network Indicators:

  • HTTP POST requests to upload endpoints containing path traversal patterns

SIEM Query:

source="web_logs" AND (url="*upload*" AND (data="*../*" OR data="*..\\*"))

🔗 References
