Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/06/28 3:17 p.m.7 views

CVE-2025-53002

LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vheadfile is loaded without proper safeguards,...

9.8CVSS8.7AI score0.0103EPSS
Exploits1References1
OSV
OSV
added 2025/05/01 5:20 p.m.7 views

CVE-2025-46567 LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py

LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An...

6.1CVSS7AI score0.00232EPSS
Exploits1References4
Veracode
Veracode
added 2025/04/29 6:55 a.m.10 views

Insecure Deserialization

LLaMA-Factory is vulnerable to Insecure Deserialization. The vulnerability is due to insecure deserialization causing because of the use of torch.load on untrusted .bin files, allowing arbitrary command execution during deserialization...

7.5AI score
Exploits0
OSV
OSV
added 2025/04/23 10:21 p.m.14 views

GHSA-F2F7-GJ54-6VPV LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py

Description A critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An attacker can exploit this behavior by crafting a malicious .bin file th...

6.1CVSS8.1AI score0.00232EPSS
Exploits1References5
Rows per page
Query Builder