A critical vulnerability has been identified in the InvokeAI software suite, rated with a CVSS score of 9.8. This flaw allows an unauthenticated remote attacker to delete arbitrary files on the server, which can lead to a complete system compromise, denial of service, or irreversible data loss. Immediate patching is required to mitigate the significant risk to system integrity and availability.

The vulnerability is a path traversal weakness in the bulk image download API endpoint. An unauthenticated attacker can send a specially crafted GET request to /api/v1/images/download/{bulk_download_item_name}. By manipulating the bulk_download_item_name parameter with path traversal sequences (e.g., ../../), the attacker can break out of the intended web directory and specify an arbitrary file path on the underlying server. The application fails to properly sanitize this input, resulting in the deletion of the specified file with the permissions of the web server's user account.

This vulnerability is of critical severity with a CVSS score of 9.8. Successful exploitation could have devastating consequences for the organization. An attacker could delete critical operating system files, causing a complete denial of service for the application and potentially the entire server. Furthermore, an attacker could erase application data, user-generated content, configuration files, or backups, leading to significant data loss and operational disruption. The ability to delete security logs could also impede forensic investigations following an attack, making it difficult to determine the extent of a compromise.

Immediate Action: Immediately upgrade all instances of InvokeAI to a version higher than v6.0.0a1, as recommended by the vendor. After patching, it is crucial to review web server and application access logs for any signs of past exploitation attempts targeting the vulnerable endpoint.

Proactive Monitoring: Security teams should implement monitoring rules to detect and alert on suspicious requests to the /api/v1/images/download/ endpoint. Specifically, look for log entries where the request URI contains path traversal sequences like ../, ..%2f, or other encoded variations. Monitor critical system directories for any unexpected or unauthorized file modification or deletion events.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) rule to block any requests to the vulnerable endpoint that contain path traversal patterns. Additionally, enforce the principle of least privilege by ensuring the user account running the InvokeAI application has restrictive file permissions, limiting its ability to delete files outside of its designated directories. Maintaining regular, isolated backups of the server is critical to ensure recovery from a destructive attack.

Public Exploit Available: false

Given the critical CVSS score of 9.8 and the potential for destructive impact, this vulnerability represents a severe and immediate threat. We strongly recommend that organizations prioritize the deployment of the vendor-supplied patch to all affected systems without delay. Although this CVE is not currently listed on the CISA KEV catalog, its high severity makes it a prime candidate for future inclusion and an attractive target for threat actors. Proactive patching is the most effective defense against potential exploitation.