CVE-2025-3677: A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the functio
Summary
A critical vulnerability (CVE-2025-3677) was found in lm-sys FastChat version 0.2.36 and earlier in the file apply_delta.py. The flaw involves deserialization (converting data back into code or objects, which can be dangerous if the data comes from an untrusted source) and can only be exploited by someone with local access to the affected system.
Vulnerability Details
5.3(medium)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-3677
First tracked: February 15, 2026 at 08:48 PM
Classified by LLM (prompt v3) · confidence: 85%