Cyber Resilience

CVE-2024-9920

HighPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
03 April 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0153 81.7th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-9920 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Lollms Lollms Web Ui. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-9920 is a remote code execution vulnerability in version v12 of the open-source parisneo/lollms-webui software. The issue stems from the 'Send file to AL' function, which allows users to upload files with various extensions, including dangerous ones like .py, .sh, and .bat. Attackers can upload malicious files and subsequently trigger their execution via the '/open_file' API endpoint, which invokes subprocess.Popen without proper validation of file contents or types. This flaw is tracked under CWE-434 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An attacker with low privileges, such as an authenticated user, can exploit this vulnerability over the network with low complexity and no user interaction required. By uploading a malicious script and calling the '/open_file' endpoint, the attacker achieves arbitrary code execution on the server, resulting in high impacts to confidentiality, integrity, and availability.

For mitigation guidance and patch details, refer to the primary advisory on Huntr: https://huntr.com/bounties/c70c6732-23b3-4ef8-aec6-0a47467d1ed5. The vulnerability was published on 2025-03-20.

EU & UK References

Vulnerability details

In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using…

more

the '/open_file' API endpoint to execute these files. The vulnerability arises from the use of 'subprocess.Popen' to open files without proper validation, leading to potential remote code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Vulnerability allows remote arbitrary file upload (including executable scripts like .py, .sh, .bat) and execution via '/open_file' API using subprocess.Popen without validation, enabling public-facing app exploitation (T1190), remote service exploitation (T1210), ingress tool transfer (T1105), and command/script interpreter abuse (T1059).

CVEs Like This One

CVE-2024-8898Same product: Lollms Lollms Web Ui
CVE-2026-33340Same product: Lollms Lollms Web Ui
CVE-2025-1451Same product: Lollms Lollms Web Ui
CVE-2026-0558Same vendor: Lollms
CVE-2025-26319Shared CWE-434
CVE-2026-0562Same vendor: Lollms
CVE-2025-7847Shared CWE-434
CVE-2024-13882Shared CWE-434
CVE-2024-10901Shared CWE-434
CVE-2026-0560Same vendor: Lollms

Affected Assets

lollms
lollms web ui
12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the lack of validation in file uploads and the /open_file endpoint by requiring checks on file contents and types to block malicious executables before subprocess.Popen execution.

prevent

Prohibits and scans user-uploaded software from external sources prior to execution, preventing arbitrary code execution from malicious .py, .sh, or .bat files.

preventdetect

Deploys malicious code protection at upload entry points to scan and eradicate harmful scripts, providing defense-in-depth against unvalidated file execution.

References