CVE-2024-12375

MEDIUM

Automatic1111 Stable-diffusion-webui - Absolute Path Traversal

Title source: rule

Description

A local file inclusion vulnerability was identified in automatic1111/stable-diffusion-webui, affecting version git 82a973c. This vulnerability allows an attacker to read arbitrary files on the system by sending a specially crafted request to the application.

References (1)

[Exploit, Third Party Advisory] https://huntr.com/bounties/21952043-395f-4cd3-9374-b73ab9612f27

Scores

CVSS v3 6.5

EPSS 0.0172

EPSS Percentile 82.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-36

Status published

Products (1)

automatic1111/stable-diffusion-webui 2024-07-27

Published Mar 20, 2025

Tracked Since Feb 18, 2026