CVE-2024-4897 in lollms-webui

Summary

by MITRE • 07/02/2024

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llama_cpp_python-0.2.61+cpuavx2-cp311-cp311-manylinux_2_31_x86_64. The vulnerability arises from the application's 'binding_zoo' feature, which allows attackers to upload and interact with a malicious model file hosted on hugging-face, leading to remote code execution. The issue is linked to a known vulnerability in llama-cpp-python, CVE-2024-34359, which has not been patched in lollms-webui as of commit b454f40a. The vulnerability is exploitable through the application's handling of model files in the 'bindings_zoo' feature, specifically when processing gguf format model files.


Analysis

by VulDB Data Team • 07/09/2025

The vulnerability identified as CVE-2024-4897 is a critical remote code execution flaw in the parisneo/lollms-webui application. It stems from an insecure dependency chain: the application relies on llama-cpp-python version llama_cpp_python-0.2.61+cpuavx2-cp311-cp311-manylinux_2_31_x86_64, which contains known exploitation vectors that the application has not addressed. The flaw is reached through the application's 'binding_zoo' feature, which was designed to let users upload model files and interact with external repositories, and which thereby exposes an attack surface that adversaries can leverage.

Exploitation relies on how the 'bindings_zoo' functionality handles gguf format model files: the insecure dependency chain lets an attacker who can upload a model file execute arbitrary code on the target system. The underlying defect is CVE-2024-34359 in the llama-cpp-python library, which remains unpatched in lollms-webui as of commit b454f40a. The attack vector is the model file processing pipeline, where a malicious gguf file can carry a code execution payload that the vulnerable library components interpret and execute. This is a classic case of insecure deserialization combined with privilege escalation through the exploitation of a trusted component: the application processes external model files without adequate validation or sandboxing.

The operational impact extends beyond simple code execution to complete system compromise and potential data exfiltration. An attacker who successfully exploits this vulnerability gains full control over the affected system, which can lead to unauthorized access to sensitive information, system enumeration, privilege escalation to root or administrator level, and the establishment of persistent backdoors. Because the affected model management functionality is one that legitimate users use to upload models for legitimate purposes, it creates a false sense of security: malicious activity can hide within normal application usage patterns. This type of vulnerability aligns with ATT&CK technique T1059.001 for command and script injection and with CWE-502, deserialization of untrusted data, and it is particularly dangerous in environments where the application runs with elevated privileges or has access to sensitive data repositories.

Mitigation requires immediate remediation through a dependency update that addresses CVE-2024-34359 in the llama-cpp-python library. Beyond that, organizations should implement strict model file validation that verifies the integrity and authenticity of uploaded gguf files before they are processed, together with sandboxing that isolates model execution from the main application environment. Network-level protections should include monitoring for suspicious file upload activity and content filtering that can detect potentially malicious model files. The application architecture should be reviewed so that all external model files are sanitized and validated, with logging and alerting that can detect anomalous behavior around model processing. Regular security assessments and dependency monitoring should be in place to prevent similar vulnerabilities from emerging, with particular attention to the supply chain security of third-party libraries used in AI and machine learning applications.
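The "strict model file validation before processing" recommended above, as an added example that is not lollms-webui or llama-cpp-python code: a fail-closed pre-load check that parses only a GGUF file's header and metadata section (never its tensor data) and rejects any file carrying unexpected metadata keys or a tokenizer.chat_template whose hash is not on an allow-list of vetted templates, since that template is Jinja source the loader renders and is the surface CVE-2024-34359 concerns. The allowed key prefixes, the vetted template, and the build_gguf fixture builder are assumptions made for the example.

```python
import hashlib
import struct

# Assumed loader policy, not lollms-webui code: metadata keys must use a known prefix, and
# tokenizer.chat_template (Jinja source that llama-cpp-python renders) must hash to a vetted value.
ALLOWED_KEY_PREFIXES = ("general.", "llama.", "tokenizer.")
KNOWN_GOOD_TEMPLATE = "{% for m in messages %}{{ m['role'] }}: {{ m['content'] }}\n{% endfor %}"
VETTED_TEMPLATE_HASHES = {hashlib.sha256(KNOWN_GOOD_TEMPLATE.encode()).hexdigest()}
# GGUF scalar value type ids -> little-endian struct formats; type 8 is string, type 9 is array.
_SCALARS = {0: "<B", 1: "<b", 2: "<H", 3: "<h", 4: "<I", 5: "<i", 6: "<f", 7: "<?", 10: "<Q", 11: "<q", 12: "<d"}
def _read(buf, pos, fmt):
    return struct.unpack_from(fmt, buf, pos)[0], pos + struct.calcsize(fmt)
def _read_value(buf, pos, vtype):  # returns (value, position after it)
    if vtype in _SCALARS:
        return _read(buf, pos, _SCALARS[vtype])
    if vtype == 8:  # string: uint64 byte length + UTF-8 bytes
        n, pos = _read(buf, pos, "<Q")
        return buf[pos:pos + n].decode("utf-8"), pos + n
    if vtype == 9:  # array: uint32 element type + uint64 count + elements
        etype, n = struct.unpack_from("<IQ", buf, pos)
        items, pos = [], pos + 12
        for _ in range(n):
            item, pos = _read_value(buf, pos, etype)
            items.append(item)
        return items, pos
    raise ValueError(f"unknown gguf value type {vtype}")
def gguf_metadata(buf):  # parses only the v2/v3 header and KV section; tensor data is never touched
    version, _tensor_count, kv_count = struct.unpack_from("<IQQ", buf, 4)
    if buf[:4] != b"GGUF" or version not in (2, 3):
        raise ValueError("not a gguf v2/v3 file")
    meta, pos = {}, 24
    for _ in range(kv_count):
        key, pos = _read_value(buf, pos, 8)
        vtype, pos = _read(buf, pos, "<I")
        meta[key], pos = _read_value(buf, pos, vtype)
    return meta
def check_model(buf):  # returns (ok, reason); call before the file is handed to the model loader
    meta = gguf_metadata(buf)
    for key in meta:
        if not key.startswith(ALLOWED_KEY_PREFIXES):
            return False, f"unexpected metadata key {key!r}"
    tmpl = meta.get("tokenizer.chat_template")
    vetted = tmpl is None or hashlib.sha256(str(tmpl).encode()).hexdigest() in VETTED_TEMPLATE_HASHES
    return (True, "ok") if vetted else (False, "tokenizer.chat_template is not a vetted template")
def build_gguf(meta):  # constructed fixture: v3 header, string-only metadata, zero tensors
    enc = lambda s: struct.pack("<Q", len(s.encode())) + s.encode()
    out = b"GGUF" + struct.pack("<IQQ", 3, 0, len(meta))
    for k, v in meta.items():
        out += enc(k) + struct.pack("<I", 8) + enc(v)
    return out
```

A template that is merely unfamiliar is rejected just like a hostile one; the check does not try to judge template contents, only whether they have been vetted.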

Responsible

Huntr.dev

Reservation

05/15/2024

Disclosure

07/02/2024

Moderation

accepted

CPE

ready

EPSS

0.00446

KEV

no

Activities

very low

Sources
