What is the CVSS score of CVE-2024-8020?

CVE-2024-8020 has a CVSS 3.0 base score of 7.5 (High). CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of AI / ML are affected by CVE-2024-8020?

Organizations using lightning-ai/pytorch-lightning face notable risk from CVE-2024-8020 rated CVSS 7.5. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2024-8020?

Yes, a public proof-of-concept exploit is available for CVE-2024-8020. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2024-8020?

Within 7 days: Identify all affected systems running lightning-ai/pytorch-lightning and apply vendor patches promptly. Monitor vendor channels for patch availability.

AI / ML CVE-2024-8020

HIGH

Uncaught Exception (CWE-248)

2025-03-20 security@huntr.dev

Denial Of Service Red Hat AI / ML Pytorch Pytorch Lightning

7.5

CVSS 3.0

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:32 vuln.today

PoC Detected

Oct 15, 2025 - 13:15 vuln.today

Public exploit code

CVE Published

Mar 20, 2025 - 10:15 nvd

HIGH 7.5

DescriptionNVD

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server shutting down.

AnalysisAI

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-248. A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the /api/v1/state endpoint of LightningApp. This issue occurs due to improper handling of unexpected state values, which results in the server shutting down. Affected products include: Lightningai Pytorch Lightning. Version information: version 2.3.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.