Modelscope Agentscope Path Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

A path traversal vulnerability has been identified in the modelscope/agentscope application, affecting all versions. This vulnerability exists in the /delete-workflow endpoint, where improper input validation allows attackers to manipulate file paths and delete arbitrary files from the filesystem, including sensitive files located outside of the intended directory.

Impact

Exploitation of this vulnerability allows for arbitrary file deletion, which could lead to the removal of critical application or system files.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Modelscope Agentscope Path Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating