Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

Summary

A critical remote code execution (RCE) vulnerability has been discovered in the Hugging Face Transformers library, impacting millions of downloads and installations. Attackers can exploit this flaw by embedding malicious parameters in model configuration files, bypassing security measures that normally prevent code execution. The vulnerability has been patched in version 5.3.0, but older, vulnerable versions remain widely in use.

IFF Assessment

FOE

This vulnerability allows for stealthy compromise of systems using AI models, posing a significant threat to defenders.

Severity

7.8 High

The CVSS score is estimated at 9.0 because remote code execution (RCE) of this kind allows full system compromise. The attack vector is network-based, and exploitability is high given the widespread use of the Hugging Face Transformers library and the stealthy nature of the bypass.

Defender Context

Defenders must prioritize patching Hugging Face Transformers to the latest version to mitigate the risk of RCE attacks. They should also be vigilant about AI supply-chain security, scrutinizing custom code shipped within AI models and their configuration files, and obtaining models only from trusted sources.
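A small audit helper for the two actions above, added here as an example and not code from Hugging Face or from the original advisory. It assumes the fixed release is 5.3.0 (stated above) and checks model config.json files for the known Transformers custom-code hook, the `auto_map` key that `trust_remote_code` gates, plus any other value shaped like a `module.ClassName` reference; it does not reproduce the specific bypass, which the advisory does not detail.

```python
import json
import re

FIXED_VERSION = (5, 3, 0)  # patched release named in the advisory

# Shape of a custom-code reference in a Transformers config:
# "modeling_x.XModel" or "org/repo--modeling_x.XModel" (cross-repo).
CODE_REF = re.compile(r"^(?:[\w.\-]+/[\w.\-]+--)?\w+\.[A-Z]\w*$")


def parse_version(text):
    """Turn '4.41.2' into a comparable tuple of ints (first three parts)."""
    nums = re.findall(r"\d+", text)
    return tuple(int(n) for n in nums[:3]) if nums else (0, 0, 0)


def is_vulnerable_version(text):
    """True when an installed transformers version predates the fix."""
    return parse_version(text) < FIXED_VERSION


def find_code_refs(node, path=""):
    """Walk parsed JSON, yielding (path, value) for code-like strings."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_code_refs(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_code_refs(value, f"{path}[{i}]")
    elif isinstance(node, str) and CODE_REF.match(node):
        yield path, node


def audit_config(config_text):
    """Return human-readable findings for one config.json body."""
    findings = []
    for path, ref in find_code_refs(json.loads(config_text)):
        where = "cross-repo" if "--" in ref else "in-repo"
        # auto_map is the documented hook; code refs elsewhere deserve a look.
        note = ("declared custom code" if path.startswith("auto_map")
                else "code-like value outside auto_map")
        findings.append(f"{path}: {ref} ({where}, {note})")
    return findings


# Constructed sample config (hypothetical model, not a real repository).
SAMPLE_CONFIG = json.dumps({
    "model_type": "llama",
    "hidden_act": "silu",
    "architectures": ["LlamaForCausalLM"],
    "auto_map": {
        "AutoModelForCausalLM": "modeling_custom.CustomForCausalLM",
        "AutoConfig": "some-org/base-model--configuration_custom.CustomConfig",
    },
})

if __name__ == "__main__":
    for line in audit_config(SAMPLE_CONFIG):
        print("FLAG", line)
```

Run it over every config.json in a model cache and pair the output with the installed `transformers.__version__` to locate hosts that are both unpatched and loading custom code.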
