Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025

Local File Inclusion in haotian-liu/llava

CVE-2024-12065

Description

A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validation in the gradio web UI component.

Affected products

Haotian Liu/Haotian Liu/llavav5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

huntr.com/bounties/0594503c-038f-401c-9127-08be32bfd682mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000