4 matches found
CVE-2025-53002
LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vheadfile is loaded without proper safeguards,...
CVE-2025-46567 LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py
LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An...
Insecure Deserialization
LLaMA-Factory is vulnerable to Insecure Deserialization. The vulnerability is due to insecure deserialization causing because of the use of torch.load on untrusted .bin files, allowing arbitrary command execution during deserialization...
GHSA-F2F7-GJ54-6VPV LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py
Description A critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An attacker can exploit this behavior by crafting a malicious .bin file th...