CVE-2025-14930

A flaw was found in the Hugging Face Transformers library. The parsing of weights fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious GLM4 model, resulting in arbitrary code execution in the context of the...

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11304 more potentially affected by CVE-2025-14930 via transformers (>=2.10.0 <=5.9.0)

transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14930 Source advisory: SNYK:PYTHON-TRANSFORMERS-14563374...

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +2061 more potentially affected by CVE-2025-14930 via transformers (>=2.10.0 <=4.57.1)

transformers PYPI version =2.10.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-14930 Source advisory: OSV:PYSEC-2025-218...

CVE-2025-14930

creationtimestamp| type| source ---|---|--- 2025-12-18 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-1145/ 2025-12-23 21:34:48+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115771027410495980...