CVE-2025-50472: The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untruste
Summary
The modelscope/ms-swift library up to version 2.6.1 has a critical vulnerability: it unsafely deserializes (reconstructs objects from saved data) untrusted files using pickle.load(), a Python function that can run arbitrary code during deserialization. An attacker can exploit this by tricking a user into loading a malicious checkpoint file during model training; the embedded code then executes on the user's machine while the training process continues normally, so the user does not notice the attack.
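A defensive check of the kind this advisory calls for, added here as an example and not code from ms-swift: a restricted unpickler that refuses any module.name global not on an allowlist, run over a constructed benign checkpoint-like payload and a constructed payload that merely references os.getenv by name. The allowlist and both sample payloads are this example's own assumptions.

```python
import io
import os
import pickle

# Globals a checkpoint loader is allowed to resolve (assumed allowlist for
# illustration). Anything else, e.g. os.system or builtins.eval, is refused
# before the unpickler can ever call it.
SAFE_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "set"),
    ("builtins", "tuple"), ("builtins", "int"), ("builtins", "float"),
    ("builtins", "str"), ("builtins", "bytes"), ("builtins", "bool"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted module.name globals."""

    def find_class(self, module, name):
        # Called for every GLOBAL / STACK_GLOBAL opcode in the stream.
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name} from checkpoint")


def load_checkpoint_restricted(data: bytes):
    """Deserialize checkpoint bytes, refusing any non-allowlisted global."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def checkpoint_is_safe(data: bytes) -> bool:
    """True if the payload deserializes without touching a blocked global."""
    try:
        load_checkpoint_restricted(data)
        return True
    except pickle.UnpicklingError:
        return False


# Constructed sample inputs (not taken from the advisory):
# 1) a benign payload made only of containers and scalars, like a
#    plain training-state checkpoint
BENIGN = pickle.dumps({"epoch": 3, "lr": 1e-4, "weights": [0.1, 0.2]})
# 2) a payload whose stream references os.getenv by name; pickling the
#    function object emits only a global reference and executes nothing here,
#    but the restricted loader still rejects it because the name is not allowlisted
SUSPICIOUS = pickle.dumps(os.getenv)
```

For PyTorch checkpoint files the built-in equivalent of this control is torch.load(..., weights_only=True), which applies a comparable allowlist of permitted globals.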
Vulnerability Details
9.8 (critical)
EPSS: 0.8%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-50472
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 95%