CVE-2024-12065

7.5 HIGH

📋 TL;DR

A local file inclusion vulnerability in haotian-liu/llava's Gradio web UI allows attackers to read arbitrary files on the server by sending specially crafted requests. This affects systems running vulnerable versions of the LLaVA project with the Gradio interface exposed. The vulnerability stems from improper input validation in file handling.

💻 Affected Systems

Products:
  • haotian-liu/llava
Versions: Commit c121f04 and earlier versions with vulnerable Gradio component
Operating Systems: All operating systems running the vulnerable software
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments using the Gradio web UI component. Headless/API-only deployments may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through sensitive file disclosure (SSH keys, configuration files, passwords), potentially leading to privilege escalation and lateral movement.

🟠 Likely Case: Unauthorized access to sensitive configuration files, source code, or user data stored on the server.

🟢 If Mitigated: Limited impact if proper network segmentation and file permissions restrict accessible files.

🌐 Internet-Facing: HIGH - Web UI directly exposed to internet allows remote attackers to exploit without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still access sensitive files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending multiple crafted requests but no authentication is needed. The vulnerability is in the Gradio component's file handling logic.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit after c121f04 (check repository for latest)

Vendor Advisory: https://huntr.com/bounties/0594503c-038f-401c-9127-08be32bfd682

Restart Required: Yes

Instructions:

1. Update to the latest LLaVA repository version.
2. Verify the Gradio component has proper input validation.
3. Restart the application service.

🔧 Temporary Workarounds

Disable Gradio Web UI (platform: all)

Remove or disable the Gradio web interface if it is not required: modify the startup configuration so the Gradio UI is not launched.

Network Access Controls (platform: linux)

Restrict network access to the Gradio interface using firewall rules, for example:

iptables -A INPUT -p tcp --dport [gradio_port] -j DROP
ufw deny [gradio_port]

Note that -A appends to the end of the INPUT chain, so an earlier rule that accepts the port takes precedence; insert the rule ahead of such rules (-I INPUT) and confirm the result with iptables -L INPUT -n.

🧯 If You Can't Patch

  • Implement strict file system permissions to limit accessible directories
  • Deploy web application firewall (WAF) with LFI protection rules

🔍 How to Verify

Check if Vulnerable:

Check whether the checked-out revision is c121f04 or earlier:

git log --oneline | head -5

Check Version:

git rev-parse HEAD

Verify Fix Applied:

Verify updated to commit after c121f04 and test file inclusion attempts return errors

📡 Detection & Monitoring

Log Indicators:

  • Multiple file path traversal patterns in Gradio access logs
  • Unusual file access patterns from single IP

Network Indicators:

  • HTTP requests with ../ patterns in parameters
  • Multiple rapid requests to file endpoints

SIEM Query:

source="gradio.log" AND ("../" OR "..\\" OR "/etc/" OR "/proc/")

The backslash in "..\\" is escaped; adjust the quoting to your SIEM's query syntax. This query matches only literal sequences, so URL-decode the request field before matching where your SIEM supports it, otherwise encoded traversal sequences are missed.
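As an added example, not part of this advisory or the LLaVA project, the detection logic above run over constructed sample access-log lines in Python: it URL-decodes the request path before matching the same indicators as the SIEM query, so encoded traversal sequences that a literal match would miss are still counted, and it flags any source IP that sends multiple suspicious requests. The "ip method path status" line layout and the /file= parameter are assumptions, not the real Gradio log format.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Indicators from the advisory's SIEM query, applied after URL-decoding
TRAVERSAL_RE = re.compile(r"\.\./|\.\.\\|/etc/|/proc/")

# Constructed sample lines; the "ip method path status" layout and the
# /file= parameter are assumptions, not the real Gradio access-log format
SAMPLE_LOG = """\
203.0.113.5 GET /file=images/cat.png 200
203.0.113.5 GET /file=../../../../etc/passwd 200
203.0.113.5 GET /file=..%2F..%2F..%2Fproc/self/environ 200
198.51.100.7 GET /file=images/dog.png 200
203.0.113.5 GET /file=%252e%252e%252fetc%252fshadow 403
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")


def normalize(path: str, rounds: int = 2) -> str:
    """URL-decode up to `rounds` times so single- and double-encoded
    traversal sequences are matched in decoded form."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal(path: str) -> bool:
    """True if the decoded path contains any of the advisory's indicators."""
    return TRAVERSAL_RE.search(normalize(path)) is not None


def scan_log(text: str, threshold: int = 2) -> tuple:
    """Count suspicious requests per source IP and return (counts, flagged),
    where flagged holds the IPs at or above `threshold`: the advisory's
    'multiple requests from a single IP' indicator."""
    hits = Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ip, _method, path, _status = m.groups()
        if is_traversal(path):
            hits[ip] += 1
    flagged = sorted(ip for ip, n in hits.items() if n >= threshold)
    return hits, flagged
```

Running scan_log(SAMPLE_LOG) counts three suspicious requests from 203.0.113.5, including the two encoded ones, and flags that IP.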
