Lucene search
K
InternlmLmdeploy

4 matches found

CVE
CVE
added 2026/04/20 8:29 p.m.85 views

CVE-2026-33626

LMDeploy SSRF in the vision-language module (prior to 0.12.3) allows an attacker to fetch arbitrary URLs via load_image() in lmdeploy/vl/utils.py without internal IP validation, potentially reaching cloud metadata services and internal networks. The issue also affects encode_image_base64() and ca...

7.5CVSS5.9AI score0.4525EPSS
In wildWeb
CVE
CVE
added 2025/04/03 3:0 p.m.61 views

CVE-2025-3162

CVE-2025-3162 affects InternLM LMDeploy (up to 0.7.1). Affected is the function load_weight_ckpt in lmdeploy/lmdeploy/vl/model/utils.py (PT File Handler). The underlying issue is insecure/deserialization of inputs, enabling a local attacker to manipulate deserialization. Attacking locally is a re...

7.8CVSS7.1AI score0.003EPSS
CVE
CVE
added 2025/04/03 3:31 p.m.57 views

CVE-2025-3163

CVE-2025-3163 affects InternLM LMDeploy up to version 0.7.1. The vulnerability targets the function Open in lmdeploy/docs/en/conf.py, where input manipulation leads to arbitrary code execution. The issue enables a local-host attack, and public disclosure of the exploit is noted in multiple source...

7.8CVSS7.5AI score0.00338EPSS
CVE
CVE
added 2025/12/26 9:54 p.m.11 views

CVE-2025-67729

LMDeploy prior to v0.11.1 is affected by an insecure deserialization vulnerability in torch.load() called without weights_only=True when loading model checkpoint files (.bin/.pt). This can allow an attacker to execute arbitrary code on the victim's machine. The issue is patched in v0.11.1. Affect...

8.8CVSS9.4AI score0.00487EPSS