4 matches found
Deserialization of Untrusted Data
Overview lazyllm is an A Low-code Development Tool For Building Multi-agent LLMs Applications. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the lazyllmcall function in server.py. An attacker can execute arbitrary code or manipulate application behavior...
CVE-2025-10965 LazyAGI LazyLLM server.py lazyllm_call deserialization
A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Affected by this issue is the function lazyllmcall of the file lazyllm/components/deploy/relay/server.py. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed...
CVE-2025-10965 LazyAGI LazyLLM server.py lazyllm_call deserialization
A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Affected by this issue is the function lazyllmcall of the file lazyllm/components/deploy/relay/server.py. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed...
CVE-2025-10965
The vulnerability CVE-2025-10965 affects LazyAGI LazyLLM up to 0.6.1. The issue is in lazyllm_call (lazyllm/components/deploy/relay/server.py), where deserialization can be manipulated, enabling a remote attack. Public exploit details exist (exploit maturity: proof-of-concept). Affected software/...