4 matches found
CVE-2025-46567
LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An...
CVE-2025-46567 LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py
LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An...
CVE-2025-46567
Summary of CVE-2025-46567 (LLaMA-Factory) : The LLaMA-Factory project contains a critical vulnerability prior to version 1.0.0 in the llamafy_baichuan2.py script, which performs insecure deserialization using torch.load() on user-supplied .bin files. A crafted malicious .bin can trigger arbitrary...
CVE-2025-46567
creationtimestamp| type| source ---|---|--- 2025-04-23 08:41:15+00:00| published-proof-of-concept| https://github.com/hiyouga/LlamaFactory/security/advisories/GHSA-f2f7-gj54-6vpv...