CVE-2024-11392 is a deserialization vulnerability classified under CWE-502 found in the Hugging Face Transformers library, specifically impacting the MobileViTV2 model. The root cause is the lack of proper validation of user-supplied configuration files, which are deserialized insecurely. Deserialization of untrusted data can allow an attacker to craft malicious input that, when processed by the vulnerable library, leads to arbitrary code execution within the context of the current user. The attack vector requires user interaction, such as opening a malicious file or visiting a malicious webpage that triggers the vulnerable deserialization process. The vulnerability is network exploitable (AV:N) but requires high attack complexity (AC:H) and user interaction (UI:R). No privileges are required (PR:N), and the scope remains unchanged (S:U). The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), as arbitrary code execution can lead to full system compromise. Although no public exploits are currently known, the vulnerability poses a significant risk to organizations relying on Hugging Face Transformers for AI/ML workloads, especially where untrusted data inputs are processed. The vulnerability was assigned by ZDI (ZDI-CAN-24322) and published on 2024-11-22. No patches are listed yet, so mitigation focuses on restricting untrusted input and monitoring for suspicious activity.

The vulnerability allows remote attackers to execute arbitrary code on affected systems, potentially leading to full compromise of the host running the Hugging Face Transformers library. This can result in unauthorized access to sensitive data, manipulation or destruction of AI models and data, disruption of AI services, and lateral movement within networks. Organizations using the affected versions in production or research environments face risks including data breaches, intellectual property theft, and operational downtime. The requirement for user interaction limits automated exploitation but does not eliminate risk, especially in environments where users may open untrusted files or visit malicious sites. The high impact on confidentiality, integrity, and availability means that successful exploitation can have severe consequences for organizations relying on AI/ML workflows, particularly those handling sensitive or proprietary data.

1. Immediately audit and restrict the sources of configuration files and other inputs processed by Hugging Face Transformers to trusted origins only. 2. Implement strict input validation and sanitization for all user-supplied data before deserialization. 3. Employ application-level sandboxing or containerization to limit the impact of potential code execution. 4. Monitor systems for unusual activity indicative of exploitation attempts, such as unexpected process spawning or network connections. 5. Educate users about the risks of opening files or visiting links from untrusted sources, especially in environments using the vulnerable library. 6. Track updates from Hugging Face for official patches or security advisories and apply them promptly once available. 7. Consider using runtime application self-protection (RASP) or endpoint detection and response (EDR) tools to detect and block exploitation attempts. 8. Review and harden access controls around AI/ML infrastructure to minimize the privileges of processes running the Transformers library.