{"data":{"id":"0cf7511b-96c8-467a-8cb1-311d8d3bfde1","title":"CVE-2025-3677: A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the functio","summary":"A vulnerability (CVE-2025-3677) was found in lm-sys FastChat version 0.2.36 and earlier, in the file apply_delta.py. The source advisory classifies it as critical, while the CVSS score recorded here is 5.3 (medium). The flaw is deserialization of untrusted data (CWE-502): rebuilding objects from serialized data, which is dangerous when that data comes from an untrusted source. It can only be exploited by someone with local access to the affected system.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-3677","publishedAt":"2025-04-16T13:15:28.273Z","cveId":"CVE-2025-3677","cweIds":["CWE-20","CWE-502"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["lm-sys FastChat"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00128,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"framework","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}