CVE-2025-4701: A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue
mediumvulnerabilityLLM-Specific
security
Summary
CVE-2025-4701 is a vulnerability in VITA-MLLM Freeze-Omni (versions up to 20250421) where improper input validation in the torch.load function of models/utils.py allows deserialization (converting data back into executable code) of untrusted data through a manipulated file path argument. This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 4.8 (medium severity) and can be exploited locally by users with basic privileges.
Vulnerability Details
CVSS Score
5.3(medium)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Model Theft
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
HuggingFace
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-4701
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 75%