Unrestricted File Write and Read Vulnerability in Composio by ComposioHQ
CVE-2024-8958

9.8CRITICAL

Key Information:

Vendor

Composiohq

Vendor
CVE Published:
20 March 2025

What is CVE-2024-8958?

In version 0.4.3 of Composio, developed by ComposioHQ, a crucial vulnerability allows for unrestricted file write and read actions due to inadequate validation of file paths. This flaw enables an attacker to manipulate files on the server freely, risking unauthorized access to sensitive data and the potential for privilege escalation or remote code execution. It's essential to secure this vulnerability promptly to protect your system from exploitation.

Affected Version(s)

composiohq/composio <= unspecified

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.