Cyber Posture

CVE-2024-9920

HighPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
03 April 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0153 81.4th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Security Summary

CVE-2024-9920 is a remote code execution vulnerability in version v12 of the open-source parisneo/lollms-webui software. The issue stems from the 'Send file to AL' function, which allows users to upload files with various extensions, including dangerous ones like .py, .sh, and .bat. Attackers can upload malicious files and subsequently trigger their execution via the '/open_file' API endpoint, which invokes subprocess.Popen without proper validation of file contents or types. This flaw is tracked under CWE-434 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An attacker with low privileges, such as an authenticated user, can exploit this vulnerability over the network with low complexity and no user interaction required. By uploading a malicious script and calling the '/open_file' endpoint, the attacker achieves arbitrary code execution on the server, resulting in high impacts to confidentiality, integrity, and availability.

For mitigation guidance and patch details, refer to the primary advisory on Huntr: https://huntr.com/bounties/c70c6732-23b3-4ef8-aec6-0a47467d1ed5. The vulnerability was published on 2025-03-20.

Details

CWE(s)
CWE-434

Affected Products

lollms
lollms web ui
12

AI Security Analysis

AI Category
Enterprise AI Assistants
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
MITRE ATLAS Techniques
None mapped
Classification Reason
parisneo/lollms-webui is a web user interface for interacting with large language models (LLMs), classified as an enterprise AI assistant platform. The vulnerability involves file upload and execution in this AI web UI context.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
attack.mitre.org →
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
Why these techniques?

Vulnerability allows remote arbitrary file upload (including executable scripts like .py, .sh, .bat) and execution via '/open_file' API using subprocess.Popen without validation, enabling public-facing app exploitation (T1190), remote service exploitation (T1210), ingress tool transfer (T1105), and command/script interpreter abuse (T1059).

References