CVE-2024-11392

HIGH

Hugging Face Transformers MobileViTV2 - Deserialization

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-11392. PoCs published by The Kernel Panic, Piyush-Bhor.

AI-analyzed exploit summary This exploit leverages YAML deserialization in Hugging Face Transformers' convert_mlcvnets_to_pytorch.py script to achieve remote code execution. The malicious YAML file triggers arbitrary command execution via Python's `exec` function during deserialization.

Description

Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.

Exploits (2)

exploitdb WORKING POC

by The Kernel Panic · textremotepython

https://www.exploit-db.com/exploits/52227

View Code ZIP pw:eip

This exploit leverages YAML deserialization in Hugging Face Transformers' convert_mlcvnets_to_pytorch.py script to achieve remote code execution. The malicious YAML file triggers arbitrary command execution via Python's `exec` function during deserialization.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Hugging Face Transformers 4.41.1

No auth needed

Prerequisites: Victim must run the convert_mlcvnets_to_pytorch.py script with the malicious YAML file

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by Piyush-Bhor · poc

https://github.com/Piyush-Bhor/CVE-2024-11392

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-11392, demonstrating a deserialization vulnerability in Hugging Face Transformers' MobileViTV2 module. The exploit leverages unsafe YAML deserialization via `yaml.FullLoader` to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Hugging Face Transformers (Latest)

No auth needed

Prerequisites: Victim must run the `convert_mlcvnets_to_pytorch.py` script with a malicious YAML config file

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry x_research-advisory

https://www.zerodayinitiative.com/advisories/ZDI-24-1513/

Scores

CVSS v3 8.8

EPSS 0.5929

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-502

Status published

Products (2)

huggingface/transformers < 4.48.0

pypi/transformers 0 - 4.48.0PyPI

Published Nov 22, 2024

Tracked Since Feb 18, 2026