CVE-2024-9920
Published: 20 March 2025
Summary
CVE-2024-9920 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Lollms Lollms Web Ui. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the lack of validation in file uploads and the /open_file endpoint by requiring checks on file contents and types to block malicious executables before subprocess.Popen execution.
Prohibits and scans user-uploaded software from external sources prior to execution, preventing arbitrary code execution from malicious .py, .sh, or .bat files.
Deploys malicious code protection at upload entry points to scan and eradicate harmful scripts, providing defense-in-depth against unvalidated file execution.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability allows remote arbitrary file upload (including executable scripts like .py, .sh, .bat) and execution via '/open_file' API using subprocess.Popen without validation, enabling public-facing app exploitation (T1190), remote service exploitation (T1210), ingress tool transfer (T1105), and command/script interpreter abuse (T1059).
NVD Description
In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using…
more
the '/open_file' API endpoint to execute these files. The vulnerability arises from the use of 'subprocess.Popen' to open files without proper validation, leading to potential remote code execution.
Deeper analysisAI
CVE-2024-9920 is a remote code execution vulnerability in version v12 of the open-source parisneo/lollms-webui software. The issue stems from the 'Send file to AL' function, which allows users to upload files with various extensions, including dangerous ones like .py, .sh, and .bat. Attackers can upload malicious files and subsequently trigger their execution via the '/open_file' API endpoint, which invokes subprocess.Popen without proper validation of file contents or types. This flaw is tracked under CWE-434 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with low privileges, such as an authenticated user, can exploit this vulnerability over the network with low complexity and no user interaction required. By uploading a malicious script and calling the '/open_file' endpoint, the attacker achieves arbitrary code execution on the server, resulting in high impacts to confidentiality, integrity, and availability.
For mitigation guidance and patch details, refer to the primary advisory on Huntr: https://huntr.com/bounties/c70c6732-23b3-4ef8-aec6-0a47467d1ed5. The vulnerability was published on 2025-03-20.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- parisneo/lollms-webui is a web user interface for interacting with large language models (LLMs), classified as an enterprise AI assistant platform. The vulnerability involves file upload and execution in this AI web UI context.