Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/12/24 6:18 p.m.11 views

CVE-2025-14924

A flaw was found in the Hugging Face Transformers library. The parsing of checkpoints fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious megatrongpt2 model, resulting in arbitrary code execution in the...

8.8CVSS8AI score0.00262EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/23 9:50 p.m.4 views

Deserialization of Untrusted Data

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the megatrongpt2 process. An attacker can achieve arbitrary code execution by tricking a user into opening a...

8.5CVSS7.9AI score0.00262EPSS
Exploits0References2
PyPA
PyPA
added 2025/12/23 9:15 p.m.15 views

PYSEC-2025-213

Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...

7.8CVSS7.6AI score0.00262EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/23 9:4 p.m.2 views

CVE-2025-14924 Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability

Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...

7.8CVSS7.3AI score0.00262EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.4 views

Hugging Face Transformers 代码问题漏洞

Hugging Face Transformers is a Hugging Face open source framework for defining state-of-the-art machine learning models covering textual, visual, audio, and multimodal models for inference and training. A code issue vulnerability exists in Hugging Face Transformers that stems from a lack of...

7.8CVSS8AI score0.00262EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/12/18 12:0 a.m.4 views

(0Day) Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.3AI score0.00262EPSS
Exploits0
Rows per page
Query Builder