4 matches found

RedhatCVE
added 2025/05/03 6:6 p.m. | 19 views

CVE-2025-46567

LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafy_baichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An...

7.8 CVSS | 7.4 AI score | 0.00232 EPSS
Exploits: 1 | References: 1
Cvelist
added 2025/05/01 5:20 p.m. | 17 views

CVE-2025-46567 LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in llamafy_baichuan2.py

LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafy_baichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An...

6.1 CVSS | 0.00232 EPSS
Exploits: 1 | References: 2
CVE
added 2025/05/01 5:20 p.m. | 55 views

CVE-2025-46567

Summary of CVE-2025-46567 (LLaMA-Factory): The LLaMA-Factory project contains a critical vulnerability prior to version 1.0.0 in the llamafy_baichuan2.py script, which performs insecure deserialization using torch.load() on user-supplied .bin files. A crafted malicious .bin can trigger arbitrary...

7.8 CVSS | 6.4 AI score | 0.00232 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Circl
added 2025/04/23 8:41 a.m. | 6 views

CVE-2025-46567

creationtimestamp | type | source
---|---|---
2025-04-23 08:41:15+00:00 | published-proof-of-concept | https://github.com/hiyouga/LlamaFactory/security/advisories/GHSA-f2f7-gj54-6vpv...

7.8 CVSS | 5.8 AI score | 0.00232 EPSS
Exploits: 1 | References: 1