CVE-2024-52803

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on the host system. The issue is caused by insecure usage of the `Popen` function with `shell=True`, coupled with unsanitized user input. Immediate remediation is required to mitigate the risk. This vulnerability is fixed in 0.9.1.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/superboy-zjc/f2d2b93ae511c445ba97e144b70e534d	Exploit
https://github.com/hiyouga/LLaMA-Factory/commit/b3aa80d54a67da45e9e237e349486fb9c162b2ac	Patch
https://github.com/hiyouga/LLaMA-Factory/security/advisories/GHSA-hj3w-wrh4-44vp	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hiyouga:llama-factory:*:*:*:*:*:*:*:*

History

27 Aug 2025, 16:42

Type	Values Removed	Values Added
CPE		cpe:2.3:a:hiyouga:llama-factory::::::::
CWE		CWE-78
First Time		Hiyouga llama-factory Hiyouga
References	~~() https://gist.github.com/superboy-zjc/f2d2b93ae511c445ba97e144b70e534d -~~	() https://gist.github.com/superboy-zjc/f2d2b93ae511c445ba97e144b70e534d - Exploit
References	~~() https://github.com/hiyouga/LLaMA-Factory/commit/b3aa80d54a67da45e9e237e349486fb9c162b2ac -~~	() https://github.com/hiyouga/LLaMA-Factory/commit/b3aa80d54a67da45e9e237e349486fb9c162b2ac - Patch
References	~~() https://github.com/hiyouga/LLaMA-Factory/security/advisories/GHSA-hj3w-wrh4-44vp -~~	() https://github.com/hiyouga/LLaMA-Factory/security/advisories/GHSA-hj3w-wrh4-44vp - Exploit, Vendor Advisory

Information

Published : 2024-11-21 17:15

Updated : 2025-08-27 16:42

NVD link : CVE-2024-52803

Mitre link : CVE-2024-52803

CVE.ORG link : CVE-2024-52803

JSON object : View

Products Affected

hiyouga

llama-factory

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2024-52803", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-11-21T17:15:24.470", "references": [{"url": "https://gist.github.com/superboy-zjc/f2d2b93ae511c445ba97e144b70e534d", "tags": ["Exploit"], "source": "security-advisories@github.com"}, {"url": "https://github.com/hiyouga/LLaMA-Factory/commit/b3aa80d54a67da45e9e237e349486fb9c162b2ac", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/hiyouga/LLaMA-Factory/security/advisories/GHSA-hj3w-wrh4-44vp", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on the host system. The issue is caused by insecure usage of the `Popen` function with `shell=True`, coupled with unsanitized user input. Immediate remediation is required to mitigate the risk. This vulnerability is fixed in 0.9.1."}, {"lang": "es", "value": "LLama Factory permite el ajuste fino de modelos de lenguaje de gran tama\u00f1o. Se ha identificado una vulnerabilidad cr\u00edtica de inyecci\u00f3n remota de comandos del sistema operativo en el proceso de entrenamiento de LLama Factory. Esta vulnerabilidad surge del manejo inadecuado de la entrada del usuario, lo que permite que actores maliciosos ejecuten comandos arbitrarios del sistema operativo en el sistema host. El problema se debe al uso inseguro de la funci\u00f3n `Popen` con `shell=True`, junto con una entrada del usuario no desinfectada. Se requiere una soluci\u00f3n inmediata para mitigar el riesgo. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 0.9.1."}], "lastModified": "2025-08-27T16:42:48.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hiyouga:llama-factory:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEB416D8-3547-46AC-AA15-1EB5A04AE49D", "versionEndExcluding": "0.9.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}