CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-46567: LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py

6.1 CVSS

Description

LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the `llamafy_baichuan2.py` script of the LLaMA-Factory project. The script performs insecure deserialization using `torch.load()` on user-supplied `.bin` files from an input directory. An attacker can exploit this behavior by crafting a malicious `.bin` file that executes arbitrary commands during deserialization. This issue has been patched in version 1.0.0.

Classification

CVE ID: CVE-2025-46567

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

Problem Types

CWE-502: Deserialization of Untrusted Data

Affected Products

Vendor: hiyouga

Product: LLaMA-Factory

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.84% (scored less or equal to compared to others)

EPSS Date: 2025-05-30 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-46567
https://github.com/hiyouga/LLaMA-Factory/security/advisories/GHSA-f2f7-gj54-6vpv
https://github.com/hiyouga/LLaMA-Factory/commit/2989d39239d2f46e584c1e1180ba46b9768afb2a

Timeline

2025-05-01 18:40:14 UTC
CVE

LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py