Cyber Posture

CVE-2024-12366

Critical

Published: 11 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0590 (90.6th percentile)
Risk Priority: 23 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may exploit software vulnerabilities in client applications to execute code.

Security Summary

CVE-2024-12366 is a critical vulnerability in PandasAI, an AI-enhanced library for data analysis using large language models (LLMs). The issue resides in an interactive prompt function that is susceptible to prompt injection: instead of returning the intended LLM explanation of a natural-language query, the function can be hijacked to execute arbitrary Python code, giving the attacker remote code execution (RCE). Published on 2025-02-11, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation allows full control over the affected system through arbitrary Python code execution, resulting in high impacts to confidentiality, integrity, and availability.

Mitigation guidance is available in vendor documentation and advisories, including https://docs.getpanda.ai/v3/privacy-security, https://docs.pandas-ai.com/advanced-security-agent, and the CERT vulnerability note at https://www.kb.cert.org/vuls/id/148244.

This vulnerability underscores prompt injection risks in AI/ML tools that combine LLMs with code execution capabilities, such as PandasAI's integration for natural language-driven data processing.

Details

CWE(s)
None listed

AI Security Analysis

AI Category
Data Processing Libraries
Risk Domain
LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025
LLM01:2025 Prompt Injection
MITRE ATLAS Techniques
AML.T0051: LLM Prompt Injection
AML.T0054: LLM Jailbreak
Classification Reason
PandasAI is an AI extension to the Pandas data processing library, enabling natural language queries via LLMs on dataframes, making it primarily a data processing library with AI integration.

MITRE ATT&CK Enterprise Techniques

T1059.006 Python (Tactic: Execution)
Adversaries may abuse Python commands and scripts for execution.
T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The prompt injection vulnerability enables remote code execution via arbitrary Python code, mapping to T1059.006 (Command and Scripting Interpreter: Python) for execution and T1203 (Exploitation for Client Execution) as it exploits a software vulnerability in PandasAI.
