Cyber Resilience

CVE-2024-5452

CriticalPublic PoC

Published: 06 June 2024

Published
06 June 2024
Modified
15 October 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.5054 97.9th percentile
Risk Priority 50 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-5452 is a critical-severity Improperly Controlled Modification of Dynamically-Determined Object Attributes (CWE-915) vulnerability in Lightningai Pytorch Lightning. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Deep Learning Frameworks; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: AI Supply Chain Compromise (AML.T0010), Obtain Capabilities (AML.T0016), Exfiltration via AI Inference API (AML.T0024).

Deeper analysis

A remote code execution vulnerability affects the lightning-ai/pytorch-lightning library in version 2.2.1. It stems from unsafe deserialization of user-supplied input passed to deepdiff.Delta objects, which the application uses to apply frontend-driven state changes. The deepdiff library's handling of dunder attributes can be bypassed, allowing a crafted serialized delta to evade the intended whitelist and grant arbitrary attribute writes that lead to full code execution.

Unauthenticated remote attackers can exploit the flaw by sending a malicious delta payload to the delta endpoint, which is enabled by default in self-hosted deployments. Successful exploitation grants complete control over the application process, including access to other modules and instances, without requiring authentication or user interaction.

A fix was merged in commit 330af381de88cff17515418a341cbc1f9f127f9a. Public details of the issue and proof-of-concept are available in the referenced huntr.dev bounty report.

The affected component is widely used in machine-learning workflows. EPSS scores climbed from lower values to a peak of 0.6262, indicating that exploitation interest emerged after disclosure.

EU & UK References

Vulnerability details

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. The library uses `deepdiff.Delta` objects to modify application state based…

more

on frontend actions. However, it is possible to bypass the intended restrictions on modifying dunder attributes, allowing an attacker to construct a serialized delta that passes the deserializer whitelist and contains dunder attributes. When processed, this can be exploited to access other modules, classes, and instances, leading to arbitrary attribute write and total RCE on any self-hosted pytorch-lightning application in its default configuration, as the delta endpoint is enabled by default.

CWE(s)

AI Security AnalysisAI

AI Category
Deep Learning Frameworks
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
PyTorch Lightning (lightning-ai/pytorch-lightning) is a high-level deep learning framework built on PyTorch, simplifying training and deployment of deep learning models.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The RCE vulnerability in the pytorch-lightning library's default delta endpoint allows attackers to exploit a public-facing web application via crafted deserialized input, enabling arbitrary code execution.

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0010: AI Supply Chain CompromiseAML.T0016: Obtain CapabilitiesAML.T0024: Exfiltration via AI Inference APIAML.T0048: External Harms

Affected Assets

lightningai
pytorch lightning
≤ 2.3.3

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-913

Requiring explicit authorization and ongoing control of mobile code implements proper management of dynamically loaded code resources.

References