{"data":{"id":"530dc68c-514a-48f3-8e38-7240f8d35552","title":"CVE-2025-53002: LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLa","summary":"LLaMA-Factory, a library for training large language models, has a remote code execution vulnerability (RCE, where attackers can run malicious code on a victim's computer) in versions up to 0.9.3. Attackers can exploit this by uploading a malicious checkpoint file through the web interface, and the victim won't know they've been compromised because the vulnerable code loads files without proper safety checks.","solution":"Update to version 0.9.4, which contains a fix for the issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-53002","publishedAt":"2025-06-26T15:15:23.873Z","cveId":"CVE-2025-53002","cweIds":["CWE-94","CWE-502"],"cvssScore":"8.3","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LlamaIndex"],"affectedVendorsRaw":["LLaMA-Factory"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.01334,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242","CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}