What is the CVSS score of CVE-2024-12029?

CVE-2024-12029 has a CVSS 3.0 base score of 9.8 (Critical). CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 49.1%.

Is there a public PoC exploit available for CVE-2024-12029?

Yes, a public proof-of-concept exploit is available for CVE-2024-12029. Prioritise patching immediately. EPSS: 49.1%.

How to fix or mitigate CVE-2024-12029?

Within 24 hours: Identify all affected systems running invoke-ai/invokeai and apply vendor patches immediately. Restrict deserialization to trusted data sources and implement integrity checks.

CVE-2024-12029

CRITICAL

Deserialization of Untrusted Data (CWE-502)

2025-03-20 security@huntr.dev

RCE Deserialization

9.8

CVSS 3.0 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:32 vuln.today

CVE Published

Mar 20, 2025 - 10:15 nvd

CRITICAL 9.8

DescriptionCVE.org

A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious code in model files, which is executed upon loading. This issue is fixed in version 5.4.3.

AnalysisAI

InvokeAI image generation platform versions 5.3.1 through 5.4.2 contain a remote code execution vulnerability via unsafe deserialization when loading AI models. Attackers can embed malicious code in model files that execute when loaded through the /api/v2/models/install API endpoint.

Technical ContextAI

InvokeAI uses torch.load() to deserialize model files without safety restrictions. An attacker can craft a malicious model file with embedded Python code in the pickle stream that executes during deserialization. The /api/v2/models/install API endpoint triggers the model loading, executing the payload on the server.

Affected ProductsAI

InvokeAI 5.3.1 through 5.4.2

RemediationAI

Update InvokeAI beyond 5.4.2. Only load models from trusted sources. Use torch.load with weights_only=True when available. Run InvokeAI in a sandboxed environment with restricted network access.

CVE-2024-12029 vulnerability details – vuln.today

Back

CVE-2024-12029

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code