Summary: A critical security vulnerability has been found in the Lightning AI Studio development platform, enabling potential remote code execution with a CVSS score of 9.4. This flaw allows attackers to execute arbitrary commands, potentially accessing sensitive information and manipulating the file system. The issue has been publicly disclosed and resolved by the Lightning AI team following responsible disclosure.
Affected: Lightning AI Studio
Keypoints:
- Vulnerability allows remote code execution with root privileges via a hidden URL parameter.
- Attackers need prior knowledge of a user's profile username to exploit the vulnerability.
- The Lightning AI team has resolved the issue as of October 25, 2024.
Source: https://thehackernews.com/2025/01/lightning-ai-studio-vulnerability.html