Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-67729: LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load() is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious .bin or .pt model file. This issue has been patched in version 0.11.1. | CVSS3: 8.8 | 0% (Low) | about 2 months ago |
| GHSA-9pf3-7rrr-x5jh: lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load() | CVSS3: 8.8 | 0% (Low) | about 2 months ago |