CVE-2025-67729

LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weightsonly=True parameter when loading model checkpoint files. This allows an attacker to execute...

CVE-2025-62164 VLLM deserialization vulnerability leading to DoS and potential RCE

vLLM is an inference and serving engine for large language models LLMs. From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash denial-of-service and potentially remote code execution RCE, exists in the Completions API endpoint. When processing user-supplied...

EUVD-2025-9644

Malicious code in bioql PyPI...

CVE-2025-49841

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in processckpt.py. The SoVITSdropdown variable takes user input and passes it to the loadsovitsnew function in processckpt.py. In loadsovitsnew, the...

CVE-2025-4701

A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue affects the function torch.load of the file models/utils.py. The manipulation of the argument path leads to deserialization. It is possible to launch the attack on the local ho...

CVE-2025-4701 VITA-MLLM Freeze-Omni utils.py torch.load deserialization

A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue affects the function torch.load of the file models/utils.py. The manipulation of the argument path leads to deserialization. It is possible to launch the attack on the local ho...

CVE-2025-4701 VITA-MLLM Freeze-Omni utils.py torch.load deserialization

A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue affects the function torch.load of the file models/utils.py. The manipulation of the argument path leads to deserialization. It is possible to launch the attack on the local ho...

Insecure Deserialization

LLaMA-Factory is vulnerable to Insecure Deserialization. The vulnerability is due to insecure deserialization causing because of the use of torch.load on untrusted .bin files, allowing arbitrary command execution during deserialization...

CVE-2025-32434

PyTorch contains a Remote Command Execution (RCE) vulnerability in versions 2.5.1 and earlier when loading a model with torch.load and weights_only=True. The issue is publicly documented and has been patched in version 2.6.0. External notices reiterate that upgrading to 2.6.0+ mitigates the flaw;...

CVE-2025-3165

A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. This affects the function torch.load of the file chitu/chitu/backend.py. The manipulation of the argument ckptpath/quantckptdir leads to deserialization. An attack has to be approached locally...

CVE-2025-3165

CVE-2025-3165 affects thu-pacman chitu 0.1.0. The vulnerability is in the function torch.load within chitu/chitu/backend.py, where manipulation of the arguments ckpt_path/quant_ckpt_dir leads to deserialization. An attack requires local access. The issue is documented across multiple feeds (NVD, ...

CVE-2025-3165 thu-pacman chitu backend.py torch.load deserialization

A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. This affects the function torch.load of the file chitu/chitu/backend.py. The manipulation of the argument ckptpath/quantckptdir leads to deserialization. An attack has to be approached locally...

PT-2025-7327 · Pytorch +1 · Pytorch +1

Name of the Vulnerable Software and Affected Versions: InvokeAI affected versions not specified Description: The issue concerns an unsafely deserialized file download in the backend, potentially allowing remote code execution RCE through PyTorch's torch.load function. Recommendations: At the...

InvokeAI RCE

InvokeAI has a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This functionality...

vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator

Description The vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It use torch.load function and weightsonly parameter is default value False. There is a security warning on...

CVE-2025-24357 vLLM allows a malicious model RCE by torch.load in hf_model_weights_iterator

vLLM is a library for LLM inference and serving. vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weightsonly parameter defaults to False. When torch.load loads malicious...