CVE-2024-9920
Published: 20 March 2025
Summary
CVE-2024-9920 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Lollms Lollms Web Ui. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-9920 is a remote code execution vulnerability in version v12 of the open-source parisneo/lollms-webui software. The issue stems from the 'Send file to AL' function, which allows users to upload files with various extensions, including dangerous ones like .py, .sh, and .bat. Attackers can upload malicious files and subsequently trigger their execution via the '/open_file' API endpoint, which invokes subprocess.Popen without proper validation of file contents or types. This flaw is tracked under CWE-434 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with low privileges, such as an authenticated user, can exploit this vulnerability over the network with low complexity and no user interaction required. By uploading a malicious script and calling the '/open_file' endpoint, the attacker achieves arbitrary code execution on the server, resulting in high impacts to confidentiality, integrity, and availability.
For mitigation guidance and patch details, refer to the primary advisory on Huntr: https://huntr.com/bounties/c70c6732-23b3-4ef8-aec6-0a47467d1ed5. The vulnerability was published on 2025-03-20.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6835
Vulnerability details
In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using…
more
the '/open_file' API endpoint to execute these files. The vulnerability arises from the use of 'subprocess.Popen' to open files without proper validation, leading to potential remote code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability allows remote arbitrary file upload (including executable scripts like .py, .sh, .bat) and execution via '/open_file' API using subprocess.Popen without validation, enabling public-facing app exploitation (T1190), remote service exploitation (T1210), ingress tool transfer (T1105), and command/script interpreter abuse (T1059).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the lack of validation in file uploads and the /open_file endpoint by requiring checks on file contents and types to block malicious executables before subprocess.Popen execution.
Prohibits and scans user-uploaded software from external sources prior to execution, preventing arbitrary code execution from malicious .py, .sh, or .bat files.
Deploys malicious code protection at upload entry points to scan and eradicate harmful scripts, providing defense-in-depth against unvalidated file execution.