CVE-2025-46567 MEDIUM

CVE-2025-46567: LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py

Vendor Hiyouga
Product LLaMA-Factory
Weakness CWE-502 · Unsafe deserialization
Published May 1, 2025
Last update May 2, 2025

CVSS base score

6.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the `llamafy_baichuan2.py` script of the LLaMA-Factory project. The script performs insecure deserialization using `torch.load()` on user-supplied `.bin` files from an input directory. An attacker can exploit this behavior by crafting a malicious `.bin` file that executes arbitrary commands during deserialization. This issue has been patched in version 1.0.0.

Key dates

02Disclosure timeline

May 1, 2025 CVE published
May 2, 2025 Record updated