CVE-2024-55241
Published: 06 February 2025
Summary
CVE-2024-55241 is a high-severity Code Injection (CWE-94) vulnerability in Notion (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 29.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the LLM/Generative AI Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely flaw remediation by updating to commit 99c2c03 or later directly eliminates the code injection vulnerability in modelsbyom.py.
Information input validation on the load_model function prevents injection of arbitrary code by remote low-privileged attackers.
Vulnerability monitoring and scanning identifies the code injection flaw (CVE-2024-55241) in the LLM-As-Chatbot application for remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows remote arbitrary code execution in a chatbot application (likely public-facing), directly mapping to exploitation of public-facing applications.
NVD Description
An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute arbitrary code via the modelsbyom.py component.
Deeper analysisAI
CVE-2024-55241 is a code injection vulnerability (CWE-94) affecting the deep-diver LLM-As-Chatbot application prior to commit 99c2c03. The flaw resides in the modelsbyom.py component, enabling remote arbitrary code execution. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low complexity, and significant impacts on confidentiality, integrity, and availability.
A remote attacker with low privileges, such as an authenticated user, can exploit this vulnerability over the network without requiring user interaction. Successful exploitation allows the attacker to execute arbitrary code on the affected system, potentially leading to full compromise including data exfiltration, modification of chatbot behavior, or system takeover.
Advisories, including a detailed Notion page at https://diamond-bath-fd4.notion.site/Remote-Code-Execution-vulnerability-in-load_model-in-deep-diver-LLM-As-Chatbot-14d4a5b4bb28806795e8e5e8ef9ae27b, describe the remote code execution issue in the load_model function of deep-diver LLM-As-Chatbot. Practitioners should update to commit 99c2c03 or later to mitigate the vulnerability.
This vulnerability is particularly relevant to AI/ML deployments, as it targets an LLM-as-chatbot framework, highlighting risks in loading models within untrusted or insufficiently validated environments. No public evidence of real-world exploitation has been reported as of the CVE publication on 2025-02-06.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- The vulnerability is in 'deep-diver LLM-As-Chatbot', an LLM-based chatbot application, which fits the Enterprise AI Assistants category as it implements an AI assistant using large language models.