Cyber Resilience

CVE-2024-8019

CriticalPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
01 August 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.0210 84.4th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-8019 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Lightningai Pytorch Lightning. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105); ranked in the top 15.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Deep Learning Frameworks; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-8019 is a high-severity vulnerability (CVSS 9.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) affecting lightning-ai/pytorch-lightning version 2.3.2, specifically in the LightningApp component when running on a Windows host. The issue resides in the /api/v1/upload_file/ endpoint, which allows attackers to write or overwrite arbitrary files by supplying a crafted filename. This flaw, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), can enable potential remote code execution (RCE) through the placement of malicious files in sensitive locations or overwriting of critical system files.

The vulnerability is exploitable remotely over the network with low complexity, requiring no privileges, authentication, or user interaction. Any unauthenticated attacker with network access to the affected LightningApp instance on Windows can send a malicious request to the upload endpoint, achieving arbitrary file write or overwrite capabilities. Successful exploitation could lead to RCE, system compromise, or disruption of integrity and availability, depending on the targeted files.

Mitigation details are available in the project's GitHub repository via commit 330af381de88cff17515418a341cbc1f9f127f9a, which addresses the issue. Additional information, including bounty details, can be found on the Huntr page at https://huntr.com/bounties/2754298b-5af5-48ef-8b38-999093ddf2bd. Security practitioners should upgrade to a patched version of pytorch-lightning beyond 2.3.2 and restrict network exposure of LightningApp endpoints.

This vulnerability is particularly relevant to AI/ML workflows, as pytorch-lightning is a popular framework for scalable PyTorch training, potentially exposing ML development environments to risks during model serving or app deployment on Windows. No public evidence of real-world exploitation has been reported as of the CVE publication on 2025-03-20.

EU & UK References

Vulnerability details

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead…

more

to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.

CWE(s)

AI Security AnalysisAI

AI Category
Deep Learning Frameworks
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai, pytorch

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability enables exploitation of a public-facing application (T1190) via the web endpoint and facilitates ingress tool transfer (T1105) by allowing arbitrary file writes or overwrites on the Windows host with crafted filenames, potentially leading to RCE.

CVEs Like This One

CVE-2026-31221Same product: Lightningai Pytorch Lightning
CVE-2026-2269Shared CWE-434
CVE-2025-25783Shared CWE-434
CVE-2025-27683Shared CWE-434
CVE-2024-41340Shared CWE-434
CVE-2025-6207Shared CWE-434
CVE-2024-50620Shared CWE-434
CVE-2025-12171Shared CWE-434
CVE-2025-26325Shared CWE-434
CVE-2025-6079Shared CWE-434

Affected Assets

lightningai
pytorch lightning
2.3.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents exploitation by validating filenames and paths at the /api/v1/upload_file/ endpoint to block crafted inputs enabling arbitrary file writes.

prevent

Remediates the specific flaw in pytorch-lightning version 2.3.2 by upgrading to the patched version addressing the unrestricted file upload vulnerability.

prevent

Enforces logical access controls within the LightningApp to restrict file write operations to authorized locations only, mitigating unauthorized overwrites.

References