Cyber Resilience

CVE-2024-2358

Critical · Public PoC

Published: 16 May 2024
Modified: 09 July 2025
KEV Added: not listed
Patch: none referenced
CVSS Score (v3): 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0316 (87.2nd percentile)
Risk Priority: 21 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-2358 is a critical-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in lollms web ui (vendor: lollms). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 12.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related: it is categorised as Other Platforms, falls in the Other ATLAS/OWASP Terms risk domain, and has the following MITRE ATLAS techniques in scope: Hardware (AML.T0010.000), Infer Training Data Membership (AML.T0024.000), AML.T0040.000.

Deeper analysis

A path traversal vulnerability exists in the /apply_settings endpoint of the parisneo/lollms-webui project. The flaw stems from missing sanitization of the extensions parameter in the configuration settings, which lets relative path sequences such as ../../../ pass through unchanged. As a result the application loads and executes an attacker-supplied __init__.py file from an arbitrary directory, giving remote code execution. The issue affects the latest version of the software and carries a CVSS 3.0 score of 9.8.

Unauthenticated remote attackers can exploit the vulnerability by submitting a crafted payload to the affected endpoint. Successful exploitation grants the ability to run arbitrary code on the server with the privileges of the web application process, potentially leading to full system compromise.

The provided references point to a Huntr bounty report but contain no explicit mitigation guidance or patch details. The EPSS score rose from a low baseline to a peak of 0.0624 on 2025-12-11 before receding to the current value of 0.0316, indicating a temporary increase in exploitation interest after public disclosure.
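The root cause described above is a user-controlled extension name reaching the filesystem and the import machinery without validation. The following is an added defensive example, written for this page and not code from lollms-webui or the Huntr report; the `extensions/<name>/__init__.py` layout, the function names and the sample inputs are assumptions. It shows the two checks a loader of this kind needs: an allowlist on the name itself, and a containment check on the fully resolved path, applied before anything is imported.

```python
import importlib.util
import re
import tempfile
from pathlib import Path

# Hypothetical hardened loader (not the project's code). Extension names must be
# plain identifier-like tokens; no separators, dots, NUL bytes or empty strings.
EXTENSION_NAME_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_\-]{0,63}$")


class InvalidExtensionName(ValueError):
    """Raised when a requested extension name fails validation."""


def resolve_extension_dir(base_dir, name):
    """Return the directory for extension `name` under `base_dir`, or raise.

    Check 1: the name must match the allowlist regex (rejects '../', '/', '.').
    Check 2: the resolved path must lie strictly inside the resolved base
    directory. resolve() follows symlinks, so this also catches an extension
    directory that has been replaced by a link pointing elsewhere.
    """
    if not isinstance(name, str) or not EXTENSION_NAME_RE.fullmatch(name):
        raise InvalidExtensionName(f"rejected extension name: {name!r}")
    base = Path(base_dir).resolve()
    candidate = (base / name).resolve()
    if base not in candidate.parents:
        raise InvalidExtensionName(f"extension path escapes base dir: {candidate}")
    return candidate


def filter_extension_settings(base_dir, requested):
    """Split a list of requested extension names into (accepted paths, rejected names).

    This is the step a settings endpoint would run on the incoming list before
    persisting it; rejected names never reach the loader.
    """
    accepted, rejected = [], []
    for name in requested:
        try:
            accepted.append(resolve_extension_dir(base_dir, name))
        except InvalidExtensionName:
            rejected.append(name)
    return accepted, rejected


def load_extension(base_dir, name):
    """Import <base_dir>/<name>/__init__.py only after the path has been validated."""
    ext_dir = resolve_extension_dir(base_dir, name)
    init_file = ext_dir / "__init__.py"
    if not init_file.is_file():
        raise FileNotFoundError(init_file)
    spec = importlib.util.spec_from_file_location(f"extensions.{name}", init_file)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module


def demo():
    """Exercise the checks against a constructed extensions directory.

    The directory, the 'demo_ext' extension and the request list are all
    constructed here for illustration; they are not real project data.
    """
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "extensions"
        (base / "demo_ext").mkdir(parents=True)
        (base / "demo_ext" / "__init__.py").write_text("VALUE = 42\n")

        # One legitimate name followed by the kinds of values the checks must refuse.
        requested = ["demo_ext", "../../../tmp/evil", "..", "/etc", "a/b", "demo_ext\x00x", ""]
        accepted, rejected = filter_extension_settings(base, requested)
        module = load_extension(base, "demo_ext")
        return {
            "accepted": [p.name for p in accepted],
            "rejected": rejected,
            "value": module.VALUE,
        }


if __name__ == "__main__":
    print(demo())
```

The regex alone would already reject every traversal string in the sample list; the containment check is kept as an independent second layer so that a future relaxation of the name rules, or a symlink inside the extensions directory, still cannot lead the loader outside the intended tree.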

EU & UK References

Vulnerability details

A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the 'extensions' parameter. Attackers can exploit this by crafting a payload that includes relative path traversal sequences ('../../../'), enabling them to navigate to arbitrary directories. This flaw subsequently allows the server to load and execute a malicious '__init__.py' file, leading to remote code execution. The issue affects the latest version of parisneo/lollms-webui.

CWE(s)

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: parisneo/lollms-webui is a web user interface platform for running and interacting with large language models (LLMs) locally, fitting under 'Other Platforms' as it is an AI/ML hosting and deployment platform, confirmed by its inclusion in an AI/ML bug bounty program.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.006 Python (Execution)
Adversaries may abuse Python commands and scripts for execution.

Why these techniques?

Path traversal in web endpoint '/apply_settings' enables remote code execution via loading malicious Python '__init__.py', mapping to T1190 (Exploit Public-Facing Application) and T1059.006 (Python).

MITRE ATLAS Techniques

AML.T0010.000: Hardware
AML.T0024.000: Infer Training Data Membership
AML.T0040.000
AML.T0048.000: Financial Harm

Affected Assets

Vendor: lollms
Product: lollms web ui
Versions: ≤ 9.5

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References