AVID-2026-R1378

Description

Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2024-11394)

Details

Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.

Reason for inclusion in AVID: CVE-2024-11394 describes a deserialization vulnerability in Hugging Face Transformers Trax that leads to remote code execution via untrusted model data. This is a software-vulnerability in an AI framework used within AI pipelines, representing a direct software supply chain risk for general-purpose AI systems (dependencies and runtimes in ML stacks). The CVE indicates high severity (RCE), supporting its classification as a security/safety vulnerability with clear AI tooling relevance.

References

Affected or Relevant Artifacts

Developer: Hugging Face
Deployer: Hugging Face
Artifact Details:

Type	Name
System	Transformers

Impact

AVID Taxonomy Categorization

Risk domains: Security
SEP subcategories: S0100: Software Vulnerability
Lifecycle stages: L06: Deployment

CVSS

Version	3.0
Vector String	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score	8.8
Base Severity	🔴 High

CWE

ID	Description
CWE-502	CWE-502: Deserialization of Untrusted Data

Other information

Report Type: Advisory
Credits:
Date Reported: 2024-11-22
Version: 0.3.3
AVID Entry