Cyber Posture

CVE-2024-12029

N/A

Published: 20 March 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: N/A
EPSS Score: 0.4416 (97.6th percentile)
Risk Priority: 26 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may embed payloads within other files to conceal malicious content from defenses.

Security Summary

CVE-2024-12029 is a remote code execution vulnerability affecting invoke-ai/InvokeAI versions 5.3.1 through 5.4.2. The issue stems from unsafe deserialization in the /api/v2/models/install API endpoint, where model files are loaded using torch.load without proper validation. This allows arbitrary code embedded in model files to execute during the loading process, classified under CWE-502 (Deserialization of Untrusted Data).

Remote attackers can exploit this vulnerability by crafting malicious model files and tricking users or automated processes into installing them via the affected API. Successful exploitation leads to arbitrary code execution on the server hosting InvokeAI, potentially granting full control over the system depending on the privileges of the running process.

The vulnerability has been addressed in InvokeAI version 5.4.3, as detailed in the project's GitHub commit 756008dc5899081c5aa51e5bd8f24c1b3975a59e. Additional details are available via the Huntr bounty report at https://huntr.com/bounties/9b790f94-1b1b-4071-bc27-78445d1a87a3, which covers discovery and remediation.

This flaw is particularly relevant to AI/ML workflows: InvokeAI is a creative engine for Stable Diffusion models built on PyTorch, and the bug illustrates the risk of loading unvalidated model files inside machine learning pipelines. No public evidence of real-world exploitation has been reported as of the CVE publication on 2025-03-20.
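An added example, not code from the page or from the InvokeAI project: a stdlib-only pre-load check that walks a model file's pickle stream with pickletools and rejects any import outside an allowlist, so that embedded code is refused before torch.load ever runs. The allowlist entries and both sample inputs are assumptions constructed for the demonstration; for zip-based .pt/.ckpt files the bytes to scan are the archive's data.pkl member.

```python
import pickle
import pickletools
from collections import OrderedDict

# Assumed allowlist of the module/name pairs a plain PyTorch state_dict
# checkpoint references; tune it for your own formats. Anything outside it
# (os, subprocess, builtins.eval, ...) has no business in a weights file.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
    ("torch", "HalfStorage"),
}
# Opcodes that push a str onto the pickle stack; STACK_GLOBAL consumes two.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def find_globals(blob):
    """Yield (module, name, offset) for every import the stream would perform.
    Only pickletools is used, so nothing is ever unpickled."""
    strings = []
    for op, arg, pos in pickletools.genops(blob):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":        # protocol 0-3: arg is "module name"
            mod, name = arg.split(" ", 1)
            yield mod, name, pos
        elif op.name == "STACK_GLOBAL":  # protocol 4+: takes two pushed strings
            # Simplification: strings re-pushed from the memo (BINGET) are not tracked.
            mod, name = (strings[-2], strings[-1]) if len(strings) > 1 else ("?", "?")
            yield mod, name, pos

def scan_pickle(blob):
    """Return findings for imports outside the allowlist; [] means clean.
    Reject the file on any finding instead of handing it to torch.load."""
    return [f"offset {pos}: disallowed import {mod}.{name}"
            for mod, name, pos in find_globals(blob)
            if (mod, name) not in ALLOWED_GLOBALS]

# Constructed benign sample: a state_dict-like OrderedDict of plain lists.
BENIGN = pickle.dumps(OrderedDict(weight=[0.1, 0.2], bias=[0.0]), protocol=4)
# Constructed suspicious sample, written as raw opcodes and never loaded:
# GLOBAL os.getcwd, EMPTY_TUPLE, REDUCE, STOP. os.getcwd is a harmless stand-in;
# the finding is that a weights file imports and calls a module no checkpoint needs.
SUSPICIOUS = b"cos\ngetcwd\n)R."

if __name__ == "__main__":
    print("benign:", scan_pickle(BENIGN) or "clean")
    print("suspicious:", scan_pickle(SUSPICIOUS))
```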

Details

CWE(s): CWE-502

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: InvokeAI is an open-source AI platform for running Stable Diffusion models for image generation, and the vulnerability affects its model installation API, which uses unsafe torch.load deserialization.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.006 Python (Execution): Adversaries may abuse Python commands and scripts for execution.
T1105 Ingress Tool Transfer (Command And Control): Adversaries may transfer tools or other files from an external system into a compromised environment.
T1027.009 Embedded Payloads (Stealth): Adversaries may embed payloads within other files to conceal malicious content from defenses.
Why these techniques?

The vulnerability enables remote code execution (T1190) via unsafe deserialization in a web API endpoint, facilitates Python interpreter abuse (T1059.006) through torch.load execution of embedded malicious code, allows ingress tool transfer (T1105) by uploading malicious model files, and supports embedded payloads obfuscation (T1027.009) within model files.

References