CVE-2024-23750 – CVE-2024-23750 is a critical code injection vul... (How to Fix)

📋 TL;DR

CVE-2024-23750 is a critical code injection vulnerability in MetaGPT that allows attackers with QaEngineer role access to execute arbitrary commands on the host system. This occurs because the RunCode.run_script() function improperly passes user-controlled input containing shell metacharacters to subprocess.Popen without proper sanitization. All MetaGPT deployments with QaEngineer role functionality are affected.

💻 Affected Systems

Products:

MetaGPT

Versions: All versions through 0.6.4

Operating Systems: All platforms running Python

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability requires QaEngineer role access; however, default configurations may grant this role to users who shouldn't have it.

📦 What is this software?

Metagpt by Deepwisdom

View all CVEs affecting Metagpt →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary commands with the privileges of the MetaGPT process, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Unauthorized code execution leading to data exfiltration, installation of backdoors, or disruption of MetaGPT functionality.

🟢

If Mitigated

Limited impact if proper input validation and role-based access controls are implemented, restricting QaEngineer role access to trusted users only.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires QaEngineer role access but is trivial once obtained. Public GitHub issue demonstrates the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.6.5 or later

Vendor Advisory: https://github.com/geekan/MetaGPT/issues/731

Restart Required: Yes

Instructions:

1. Update MetaGPT to version 0.6.5 or later using pip: pip install --upgrade metagpt
2. Restart all MetaGPT services and processes
3. Verify the update was successful

🔧 Temporary Workarounds

Input Sanitization

all

Implement input validation to reject shell metacharacters in RunCode.run_script() inputs

Modify RunCode.run_script() to sanitize inputs before passing to subprocess.Popen

Role Restriction

all

Temporarily disable or restrict QaEngineer role access until patching

Modify role configuration to remove QaEngineer permissions from untrusted users

🧯 If You Can't Patch

Implement strict network segmentation to isolate MetaGPT instances from critical systems
Enforce least privilege access controls and audit all QaEngineer role assignments

🔍 How to Verify

Check if Vulnerable:

Check MetaGPT version: if version <= 0.6.4, system is vulnerable

Check Version:

python -c "import metagpt; print(metagpt.__version__)"

Verify Fix Applied:

Verify MetaGPT version is 0.6.5 or later and test that shell metacharacters in RunCode.run_script() inputs are properly sanitized

📡 Detection & Monitoring

Log Indicators:

Unusual subprocess.Popen executions from MetaGPT
Shell metacharacters in MetaGPT input logs
Unexpected process spawns from MetaGPT service

Network Indicators:

Outbound connections from MetaGPT to unexpected destinations
Command and control traffic patterns

SIEM Query:

process_name:"python" AND parent_process_name:"metagpt" AND cmdline:("sh" OR "bash" OR "cmd")

📊 Metadata

CVE ID: CVE-2024-23750

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-94

Published: January 22, 2024

Last Updated: June 20, 2025

🔗 References

https://github.com/geekan/MetaGPT/issues/731 Exploit,Issue Tracking,Vendor Advisory
https://github.com/geekan/MetaGPT/issues/731 Exploit,Issue Tracking,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-23750, you might also want to check these: