Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter

2025-01-30 12:33
Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could have allowed remote code execution. The vulnerability, which carries a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said in
News URL
https://thehackernews.com/2025/01/lightning-ai-studio-vulnerability.html