CVE-2024-8019
Published: 20 March 2025
Summary
CVE-2024-8019 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Lightning AI PyTorch Lightning. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105). The CVE ranks in the top 15.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
This vulnerability is AI-related: it is categorised as Deep Learning Frameworks, in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-8019 is a critical-severity vulnerability (CVSS 9.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) affecting lightning-ai/pytorch-lightning version 2.3.2, specifically in the LightningApp component when running on a Windows host. The issue resides in the /api/v1/upload_file/ endpoint, which allows attackers to write or overwrite arbitrary files by supplying a crafted filename. This flaw, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), can enable remote code execution (RCE) through the placement of malicious files in sensitive locations or the overwriting of critical system files.
The vulnerability is exploitable remotely over the network with low complexity, requiring no privileges, authentication, or user interaction. Any unauthenticated attacker with network access to the affected LightningApp instance on Windows can send a malicious request to the upload endpoint, achieving arbitrary file write or overwrite capabilities. Successful exploitation could lead to RCE, system compromise, or disruption of integrity and availability, depending on the targeted files.
Mitigation details are available in the project's GitHub repository via commit 330af381de88cff17515418a341cbc1f9f127f9a, which addresses the issue. Additional information, including bounty details, can be found on the Huntr page at https://huntr.com/bounties/2754298b-5af5-48ef-8b38-999093ddf2bd. Security practitioners should upgrade to a patched version of pytorch-lightning beyond 2.3.2 and restrict network exposure of LightningApp endpoints.
This vulnerability is particularly relevant to AI/ML workflows, as pytorch-lightning is a popular framework for scalable PyTorch training, potentially exposing ML development environments to risks during model serving or app deployment on Windows. No public evidence of real-world exploitation has been reported as of the CVE publication on 2025-03-20.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6932
Vulnerability details
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.
- CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
AI Security Analysis
- AI Category: Deep Learning Frameworks
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai, pytorch
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables exploitation of a public-facing application (T1190) via the web endpoint and facilitates ingress tool transfer (T1105) by allowing arbitrary file writes or overwrites on the Windows host with crafted filenames, potentially leading to RCE.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly prevents exploitation by validating filenames and paths at the /api/v1/upload_file/ endpoint to block crafted inputs enabling arbitrary file writes.
Remediates the specific flaw in pytorch-lightning version 2.3.2 by upgrading to the patched version addressing the unrestricted file upload vulnerability.
Enforces logical access controls within the LightningApp to restrict file write operations to authorized locations only, mitigating unauthorized overwrites.
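An illustration of the filename and path validation described above for an upload handler on a Windows host, added here as an example and not taken from pytorch-lightning or its fix commit. It parses with Windows rules through `PureWindowsPath` so it runs on any OS, and it goes beyond the page by covering the general classes of Windows path syntax, since the page does not state the exact crafted filename; `UPLOAD_ROOT`, `safe_upload_path` and `verdict` are hypothetical names.

```python
import ntpath
import re
from pathlib import PureWindowsPath

# Hypothetical upload root; the page does not give the application's real path.
UPLOAD_ROOT = PureWindowsPath(r"C:\lightning_app\uploads")
# Allow-list for a bare filename: no separators, colons or control characters.
_ALLOWED = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")
# Reserved device names open a device instead of a file, with or without extension.
_RESERVED = re.compile(r"(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(\..*)?", re.IGNORECASE)


class RejectedFilename(ValueError):
    """Raised when a client-supplied filename must not be written."""


def safe_upload_path(filename, root=UPLOAD_ROOT):
    """Return the destination under root for filename, or raise RejectedFilename."""
    parsed = PureWindowsPath(filename)  # Windows parsing rules, on any host OS
    # A drive letter, UNC share or leading separator makes a join discard the root.
    if parsed.drive or parsed.root:
        raise RejectedFilename("absolute or drive-qualified path")
    # Windows treats both "\" and "/" as separators; a bare name is one part.
    if len(parsed.parts) != 1 or ".." in parsed.parts:
        raise RejectedFilename("not a bare filename")
    # Trailing dots are stripped by Windows, so "a." and "a" name the same file.
    if not _ALLOWED.fullmatch(filename) or filename.endswith("."):
        raise RejectedFilename("characters outside allow-list")
    if _RESERVED.fullmatch(filename):
        raise RejectedFilename("reserved device name")
    # Defence in depth: normalise the joined path and confirm containment.
    candidate = PureWindowsPath(ntpath.normpath(ntpath.join(str(root), filename)))
    if candidate.parent != root:
        raise RejectedFilename("resolves outside upload root")
    return candidate


def verdict(filename):
    """Return 'accepted' or the rejection reason for one filename."""
    try:
        safe_upload_path(filename)
        return "accepted"
    except RejectedFilename as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory or its proof of concept.
    for name in ["model.ckpt", r"..\notes.txt", "../notes.txt", r"C:\tmp\a.txt",
                 r"\\host\share\a.txt", "a.txt:stream", "nul.txt"]:
        print(f"{name!r:28} -> {verdict(name)}")
```

Validation written only for `/` separators accepts several of these inputs, which is why the check parses with the target platform's rules rather than the rules of the machine the code was tested on.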