Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1xmd-hhwq-xuay
Vulnerability ID VCID-1xmd-hhwq-xuay
Aliases CVE-2024-8501
GHSA-p6h7-hfj2-vmcf
PYSEC-2025-82
Summary An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file method. This can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files, which may facilitate further exploitation such as privilege escalation or lateral movement within the network.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-36 Absolute Path Traversal
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 7.5 https://github.com/modelscope/agentscope
generic_textual HIGH https://github.com/modelscope/agentscope
cvssv3.1 7.5 https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c
cvssv3.1 8.8 https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c
generic_textual HIGH https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-8501
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-8501
Reference id Reference type URL
https://github.com/modelscope/agentscope
https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c
CVE-2024-8501 https://nvd.nist.gov/vuln/detail/CVE-2024-8501
GHSA-p6h7-hfj2-vmcf https://github.com/advisories/GHSA-p6h7-hfj2-vmcf
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/modelscope/agentscope
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-8501
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:22:54.123198+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/agentscope/PYSEC-2025-82.yaml 38.6.0