CVE-2025-3622
Xorbits Inference up to version 1.4.1 contains a deserialization flaw in the load function of xinference/thirdparty/cosyvoice/cli/model.py. The issue allows manipulation of serialized data to trigger code execution or other unintended behavior. CVSS metrics in the connected data indicate a MEDIUM...