CVE-2024-55241
Published: 06 February 2025
Summary
CVE-2024-55241 is a high-severity Code Injection (CWE-94) vulnerability in Notion (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 29.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-55241 is a code injection vulnerability (CWE-94) affecting the deep-diver LLM-As-Chatbot application prior to commit 99c2c03. The flaw resides in the modelsbyom.py component, enabling remote arbitrary code execution. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low complexity, and significant impacts on confidentiality, integrity, and availability.
A remote attacker with low privileges, such as an authenticated user, can exploit this vulnerability over the network without requiring user interaction. Successful exploitation allows the attacker to execute arbitrary code on the affected system, potentially leading to full compromise including data exfiltration, modification of chatbot behavior, or system takeover.
Advisories, including a detailed Notion page at https://diamond-bath-fd4.notion.site/Remote-Code-Execution-vulnerability-in-load_model-in-deep-diver-LLM-As-Chatbot-14d4a5b4bb28806795e8e5e8ef9ae27b, describe the remote code execution issue in the load_model function of deep-diver LLM-As-Chatbot. Practitioners should update to commit 99c2c03 or later to mitigate the vulnerability.
This vulnerability is particularly relevant to AI/ML deployments, as it targets an LLM-as-chatbot framework, highlighting risks in loading models within untrusted or insufficiently validated environments. No public evidence of real-world exploitation has been reported as of the CVE publication on 2025-02-06.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52758
Vulnerability details
An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute arbitrary code via the modelsbyom.py component.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: llm
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows remote arbitrary code execution in a chatbot application (likely public-facing), directly mapping to exploitation of public-facing applications.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation by updating to commit 99c2c03 or later directly eliminates the code injection vulnerability in modelsbyom.py.
Information input validation on the load_model function prevents injection of arbitrary code by remote low-privileged attackers.
Vulnerability monitoring and scanning identifies the code injection flaw (CVE-2024-55241) in the LLM-As-Chatbot application for remediation.