CVE-2024-12029

CRITICAL
2025-03-20
9.8 (CVSS 3.0)

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd), patch available
Analysis Generated: Mar 28, 2026 - 18:32 (vuln.today)
CVE Published: Mar 20, 2025 - 10:15 (nvd), CRITICAL 9.8

Description

A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious code in model files, which is executed upon loading. This issue is fixed in version 5.4.3.

Analysis

InvokeAI image generation platform versions 5.3.1 through 5.4.2 contain a remote code execution vulnerability via unsafe deserialization when loading AI models. Attackers can embed malicious code in model files, and that code executes when the file is loaded through the /api/v2/models/install API endpoint.

Technical Context

InvokeAI uses torch.load() to deserialize model files without safety restrictions. An attacker can craft a malicious model file with embedded Python code in the pickle stream that executes during deserialization. The /api/v2/models/install API endpoint triggers the model loading, executing the payload on the server.

Affected Products

InvokeAI 5.3.1 through 5.4.2

Remediation

Update InvokeAI to 5.4.3 or later, the release that fixes this issue. Only load models from trusted sources. Use torch.load with weights_only=True when available. Run InvokeAI in a sandboxed environment with restricted network access.
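A pre-load triage check for the weakness described above, added here as an example (it is not InvokeAI or PyTorch code): it walks a pickle stream's opcodes with Python's pickletools and reports every import the stream would perform, without deserializing anything. The ALLOWED policy and the sample inputs are constructed assumptions.

```python
import pickle
import pickletools

# Assumed policy for this sketch: the only global a checkpoint may import.
ALLOWED = {("collections", "OrderedDict")}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}
UNRESOLVED = ("<unresolved>", "<unresolved>")


def imported_globals(data: bytes) -> set:
    """List every (module, name) the stream would import, without loading it."""
    found, memo, recent = set(), {}, []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("PROTO", "FRAME"):      # no effect on the stack
            continue
        if op.name == "MEMOIZE":               # remember the last pushed value
            memo[len(memo)] = recent[-1] if recent else None
        elif op.name in PUT_OPS:
            memo[arg] = recent[-1] if recent else None
        elif op.name in GET_OPS:
            recent.append(memo.get(arg))
        elif op.name in STRING_OPS:
            recent.append(arg)
        elif op.name in ("GLOBAL", "INST"):    # "module name" in one argument
            found.add(tuple(arg.split(" ", 1)))
            recent.append(None)
        elif op.name == "STACK_GLOBAL":        # module and name pushed just before
            pair = recent[-2:]
            ok = len(pair) == 2 and all(isinstance(s, str) for s in pair)
            found.add(tuple(pair) if ok else UNRESOLVED)
            recent.append(None)
        else:
            recent.append(None)                # any other opcode: value unknown
    return found


def violations(data: bytes) -> list:
    """Imports outside ALLOWED; a non-empty result means do not load the file."""
    return sorted(imported_globals(data) - ALLOWED)


if __name__ == "__main__":
    from collections import OrderedDict
    from fractions import Fraction
    # Constructed, harmless samples standing in for model files.
    print(violations(pickle.dumps(OrderedDict(w=1.0), protocol=4)))
    print(violations(pickle.dumps(Fraction(1, 2), protocol=4)))
```

For zip-format PyTorch checkpoints the bytes to scan are the archive's data.pkl member. The check is a triage step alongside upgrading and weights_only=True, not a substitute for them.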

Priority Score

98
KEV: 0
EPSS: +49.1
CVSS: +49
POC: 0
