CVE-2024-8501

HIGH EPSS 55.8%

Published Mar 20, 20251y ago · Modified Jun 17, 20261w ago

8.8 CVSS 3.1

High

Published Mar 20, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file method. This can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files, which may facilitate further exploitation such as privilege escalation or lateral movement within the network.

CVSS Details

Base Score

8.8

Exploitability

2.8

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

55.8% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-36

Affected Products 1

Vendor	Product	Version	Range
modelscope	agentscope	0.0.4	any

References 1

huntr.com https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c

Exploit

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.