What is the CVSS score of CVE-2024-7776?

CVE-2024-7776 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H. EPSS exploitation probability: 1.5%.

Which versions of Onnx are affected by CVE-2024-7776?

CVE-2024-7776 presents critical security risk, a path traversal vulnerability rated CVSS 9.1.. A patch is available.

Is there a public PoC exploit available for CVE-2024-7776?

Yes, a public proof-of-concept exploit is available for CVE-2024-7776. Prioritise patching immediately. EPSS: 1.5%.

How to fix or mitigate CVE-2024-7776?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Review file handling controls and restrict upload directories.

Onnx CVE-2024-7776

CRITICAL

Path Traversal (CWE-22)

2025-03-20 security@huntr.dev

Path Traversal Onnx Suse

9.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.1 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

SUSE

8.1 HIGH

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:32 vuln.today

PoC Detected

Mar 26, 2025 - 17:20 vuln.today

Public exploit code

CVE Published

Mar 20, 2025 - 10:15 nvd

CRITICAL 9.1

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

138 pypi packages depend on onnx (87 direct, 54 indirect)

Ecosystem-wide dependent count for version 1.17.0.

DescriptionCVE.org

A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.

AnalysisAI

A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution. Affected products include: Onnx. Version information: version 1.16.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

Vendor StatusVendor

SUSE

Severity: High

CVE-2024-7776 vulnerability details – vuln.today

Back

Onnx CVE-2024-7776

Severity by source

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code