A high-severity vulnerability, CVE-2024-9880, has been identified in the Apache Pandas library, a cornerstone of data analysis in Python. The flaw resides in the pandas.DataFrame.query function, which is commonly used to filter and manipulate data. This vulnerability allows attackers to execute arbitrary commands on a server by crafting malicious queries, posing a significant risk to applications that rely on Pandas for data processing[1].
The vulnerability was disclosed on March 20, 2025, and affects all versions of Pandas up to and including v2.2.2. With a CVSS score of 8.4 (HIGH), this issue demands immediate attention from developers and security teams[2].
TL;DR
- Vulnerability: A command injection flaw in Apache Pandas’
DataFrame.queryfunction (CVE-2024-9880) allows arbitrary code execution. - Severity: Rated 8.4 (HIGH) on the CVSS scale.
- Affected Versions: Pandas versions up to and including v2.2.2.
- Impact: Attackers can execute malicious commands on servers by crafting malicious queries.
- Mitigation: Developers must sanitize user input and avoid passing untrusted data to the
queryfunction. - Red-Team Relevance: Exploitable for remote code execution in environments using vulnerable Pandas versions.
- C-Suite Summary: A critical vulnerability in a widely-used data analysis library could allow attackers to compromise systems. Immediate action is required to patch or mitigate risks.
Technical Details
The vulnerability stems from improper validation of user-supplied input in the query function when using the ‘python’ engine. By exploiting this flaw, an attacker can inject malicious code into the query expression, leading to remote command execution (RCE). For example, an attacker could craft a query like:
@pd.core.frame.com.builtins.__import__("os").system("""ping google.com #""")This would execute the ping command on the server, demonstrating the potential for arbitrary code execution[3].
The issue is exacerbated by the fact that the query function is often exposed to user input in web applications, APIs, or data processing pipelines. If developers fail to sanitize or validate this input, attackers can exploit the vulnerability to gain control over the system[4].
Mitigation and Recommendations
The Pandas development team has acknowledged the issue and added a warning to the library’s documentation, emphasizing that the query function can evaluate arbitrary code, similar to eval(). Developers are strongly advised to:
- Sanitize Input: Ensure that user-supplied input is properly validated and sanitized before being passed to the
queryfunction. - Parameterize Queries: Use parameterized queries to prevent code injection.
- Upgrade Pandas: Monitor for updates and patches from the Pandas team, as a fix is expected in future releases[5].
For organizations using Pandas in production, it is critical to audit codebases for instances of the query function and assess whether they handle untrusted input. Security teams should also implement monitoring and logging to detect potential exploitation attempts[6].
Red-Team Relevance
For red-teamers, CVE-2024-9880 presents a valuable opportunity for remote code execution in environments where Pandas is used. Here’s how this vulnerability can be leveraged offensively:
- Reconnaissance: Identify applications or services that use Pandas for data processing. This could include data pipelines, analytics dashboards, or machine learning systems.
- Exploitation: Craft malicious queries to inject commands into the
queryfunction. For example, use the vulnerability to deploy a reverse shell or exfiltrate sensitive data. - Persistence: Once access is gained, establish persistence by creating backdoors or modifying system configurations.
This vulnerability is particularly relevant in environments where developers have not implemented proper input validation, making it a low-hanging fruit for red-team engagements[7].
C-Suite Summary
For senior executives, CVE-2024-9880 represents a critical security risk that could compromise systems and data integrity. Apache Pandas is a foundational library used across industries for data analysis, and this vulnerability could allow attackers to execute arbitrary commands on affected systems. Immediate action is required to:
- Assess Exposure: Determine if your organization uses vulnerable versions of Pandas.
- Patch or Mitigate: Apply patches as soon as they are available or implement workarounds to mitigate risks.
- Educate Developers: Ensure that development teams are aware of the risks associated with passing untrusted input to the
queryfunction.
Failure to address this vulnerability could result in data breaches, system compromises, and reputational damage[8].
Conclusion
The discovery of CVE-2024-9880 highlights the importance of secure coding practices and the risks associated with widely-used libraries like Apache Pandas. While the Pandas team has taken steps to warn developers, the responsibility ultimately lies with organizations to implement robust security measures. For red-teamers, this vulnerability offers a potent tool for exploitation, underscoring the need for proactive defense strategies.
As the cybersecurity landscape continues to evolve, staying ahead of vulnerabilities like this one will be crucial for maintaining the integrity and security of data-driven applications.
References
- Snyk Vulnerability Database (2024). “Arbitrary Command Execution in pandas.DataFrame.query()”
- Tenable (2024). “Pandas DataFrame.query Code Injection (Unpatched)”
- Debian Security Tracker (2024). “CVE-2024-9880”
- Qualys Notifications (2025). “Web Application Detections Published in January 2025”
- GitHub Issue (2024). “QST: Does the project consider DataFrame.query() arbitrary code execution to be a security vulnerability?”
- Huntr (2024). “pandas-dev/pandas”
- DependencyCheck (2025). “Dependency Check Report – Pandas 1.5.3”
- Palo Alto Networks (2024). “CVE-2024-8686 PAN-OS: Command Injection Vulnerability”
