Cyber Resilience

CVE-2024-5980

CriticalPublic PoC

Published: 27 June 2024

Published
27 June 2024
Modified
15 October 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1073 93.5th percentile
Risk Priority 26 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-5980 is a critical-severity Path Traversal (CWE-22) vulnerability in Lightningai Pytorch Lightning. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Deep Learning Frameworks; in the Supply Chain and Deployment risk domain; MITRE ATLAS techniques in scope: AI Supply Chain Compromise (AML.T0010), Exfiltration via AI Inference API (AML.T0024), AI Model Inference API Access (AML.T0040).

Deeper analysis

A path traversal vulnerability exists in the /v1/runs API endpoint of lightning-ai/pytorch-lightning version 2.2.4. When the LightningApp runs with the plugin_server enabled, the endpoint processes tar.gz plugin uploads without properly sanitizing embedded paths during extraction. This flaw, tracked as CWE-22, permits writes to arbitrary locations on the host filesystem and carries a CVSS 3.1 score of 9.8.

An unauthenticated remote attacker can upload a crafted tar.gz archive containing files that use “..” sequences. Successful exploitation results in arbitrary file placement, which can be leveraged to achieve remote code execution on the victim system.

A fix is available in the referenced commit that addresses unsafe path handling during tar extraction. The issue was disclosed through a public huntr bounty report that includes reproduction details and the patch location. The associated EPSS score has remained at 0.1073 with no material increase since disclosure.

EU & UK References

Vulnerability details

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the plugin_server, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path…

more

traversal vulnerabilities. This can result in arbitrary files being written to any directory in the victim's local file system, potentially leading to remote code execution.

CWE(s)

AI Security AnalysisAI

AI Category
Deep Learning Frameworks
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
The vulnerability affects lightning-ai/pytorch-lightning v2.2.4, a popular wrapper library for PyTorch, which is a deep learning framework used for training and managing deep learning models.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
Why these techniques?

Path traversal in tar.gz extraction via public /v1/runs API endpoint (T1190: Exploit Public-Facing Application) enables uploading and placing arbitrary files anywhere on the filesystem (T1105: Ingress Tool Transfer), potentially leading to RCE.

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0010: AI Supply Chain CompromiseAML.T0024: Exfiltration via AI Inference APIAML.T0040: AI Model Inference API AccessAML.T0048: External Harms

Affected Assets

lightningai
pytorch lightning
2.2.4 — 2.3.3

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References