CVE-2025-67729
Insecure Deserialization in LMDeploy Enables Remote Code Execution
Publication date: 2025-12-26
Last updated on: 2025-12-26
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lmdeploy | lmdeploy | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an insecure deserialization issue in LMDeploy versions prior to 0.11.1. It occurs because the function torch.load() is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine by providing a malicious .bin or .pt model file.
How can this vulnerability impact me? :
An attacker can exploit this vulnerability to execute arbitrary code on your machine when you load a malicious model file. This can lead to full compromise of your system, including unauthorized access, data theft, or disruption of services.
What immediate steps should I take to mitigate this vulnerability?
Upgrade LMDeploy to version 0.11.1 or later, where the insecure deserialization vulnerability has been patched by adding the weights_only=True parameter to torch.load(). Avoid loading untrusted or malicious .bin or .pt model files to prevent arbitrary code execution.