aim LocalFileManager Arbitrary File Deletion Vulnerability
Vulnerability
In aim version 3.22.0, the LocalFileManager._cleanup function in the aim tracking server allows users to specify glob patterns for file deletion. However, the function does not check that the files matched by the glob pattern are inside the directory managed by LocalFileManager. This oversight allows arbitrary file deletion.
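The containment check described as missing above, sketched as an added example (this is not aim's code and not part of the original advisory). The function names and the temporary directory layout are assumptions constructed for illustration; every glob match is resolved and compared against the managed directory before anything is deleted.

```python
import glob
import os
import tempfile
from pathlib import Path


def contained_matches(base_dir, pattern):
    """Split glob matches into (inside, rejected) relative to base_dir."""
    base = str(Path(base_dir).resolve())
    inside, rejected = [], []
    # os.path.join drops base for an absolute pattern, and '..' climbs out
    # of it, so the pattern cannot be trusted: check each match instead.
    for match in glob.glob(os.path.join(base, pattern), recursive=True):
        real = str(Path(match).resolve())  # follows symlinks, collapses '..'
        if real != base and os.path.commonpath([base, real]) == base:
            inside.append(Path(real))
        else:
            rejected.append(Path(real))
    return inside, rejected


def safe_cleanup(base_dir, pattern):
    """Delete only regular files that resolve to a path under base_dir."""
    inside, rejected = contained_matches(base_dir, pattern)
    deleted = []
    for path in inside:
        if path.is_file():
            path.unlink()
            deleted.append(path)
    return deleted, rejected


def demo():
    """Constructed layout: root/managed/run.tmp and root/secret.txt."""
    with tempfile.TemporaryDirectory() as root:
        managed = Path(root, "managed")
        managed.mkdir()
        Path(managed, "run.tmp").write_text("x")
        outside = Path(root, "secret.txt")
        outside.write_text("keep")
        patterns = {"glob": "*.tmp", "dotdot": "../secret.txt",
                    "absolute": str(outside)}
        results = {}
        for name, pattern in patterns.items():
            deleted, rejected = safe_cleanup(managed, pattern)
            results[name] = (len(deleted), len(rejected), outside.exists())
        return results


if __name__ == "__main__":
    print(demo())
```

Logging the rejected list gives a detection signal: a cleanup pattern that resolves outside the managed directory has no legitimate use.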
Impact
Exploitation of this vulnerability could lead to unauthorized deletion of files on the server.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 3.3
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
