Lightning AI Studio Vulnerability Enables Remote Code Execution
⚡🛠️ Critical vulnerability discovered in Lightning AI Studio could allow remote code execution. Cybersecurity researchers have identified a severe flaw in the Lightning AI Studio platform, rated with a CVSS score of 9.4, that could enable attackers to execute arbitrary commands with root privileges. The vulnerability stems from a hidden URL parameter that allows for the execution of Base64-encoded instructions, potentially leading to the exfiltration of sensitive data such as access tokens. Exploitation requires knowledge of a user’s profile username, which is publicly accessible. The Lightning AI team addressed the issue following responsible disclosure on October 14, 2024, with a fix implemented by October 25. This incident highlights the critical need for securing tools used in AI model development due to their sensitive nature.
