CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Hiyouga: Security Vulnerabilities

CVE-2025-46567

LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the `llamafy_baichuan2.py` script of the LLaMA-Factory project. The script performs insecure deserialization using `torch.load()` on user-supplied `.bin` files from an input directory. An attacker can exploit this behavior by crafting a malicious `.bin` file that executes arbitrary commands during deserialization. This issue has been patched in version 1.0.0.

CVSS Score

6.1

EPSS Score

0.001

Published

2025-05-01

Page 1

Vulnerabilities

Vulnerable Software

Hiyouga: Security Vulnerabilities

Products

Pricing

Contact Us