Platform: python
Component: llamafactory
Fixed in: 0.9.5, 0.9.4
CVE-2025-61784 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in the llamafactory chat API. This vulnerability allows authenticated users to force the server to make arbitrary HTTP requests, potentially exposing sensitive internal services and enabling Local File Inclusion (LFI). The vulnerability impacts versions of llamafactory up to and including 0.9.3, and a fix is available in version 0.9.4.
The SSRF vulnerability in llamafactory allows an attacker to craft requests that the server then issues on their behalf. This can lead to several severe consequences. An attacker could use it to scan the internal network for open ports and services, potentially identifying other vulnerable systems, and, in cloud deployments, to reach the instance metadata service. They could also interact with internal APIs or databases that are not exposed to the public internet, leading to data exfiltration or modification. The LFI component further exacerbates the risk, allowing attackers to read arbitrary files from the server's filesystem, potentially including configuration files, source code, or sensitive data. As with most SSRF flaws, the root cause is that a user-controlled URL (or file reference) reaches the server's fetch logic without validation of the scheme or the destination.
CVE-2025-61784 was publicly disclosed on 2025-10-07. The vulnerability's severity is rated HIGH with a CVSS score of 7.6. There is currently no indication of active exploitation campaigns targeting this vulnerability, but public disclosure of an SSRF flaw in a widely deployed tool increases the risk of future attacks. It is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
Exploit Status
EPSS: 0.06% (18th percentile)
The primary mitigation for CVE-2025-61784 is to upgrade to llamafactory version 0.9.4 or later, which contains the fix. If upgrading is not immediately feasible, apply temporary workarounds. Restrict outbound network access from the llamafactory server to only the internal resources it needs, using firewall rules or network segmentation; egress restriction is the most robust of these controls because it holds regardless of how the request is constructed. Validate any user-supplied URL or file reference before the server fetches it: allow only http and https, resolve the hostname and reject loopback, private, link-local and metadata-service addresses, and confine local file references to an allowlisted directory. A Web Application Firewall (WAF) with SSRF rules can add a layer of filtering, but treat it as defense in depth only, since encoded IP literals and attacker-controlled DNS names routinely bypass pattern-based rules. Monitor server logs for unusual outbound HTTP requests originating from the llamafactory API. After upgrading, confirm the fix by sending a chat request whose media reference points at a loopback or metadata address and verifying that the request is rejected and that no corresponding outbound connection appears in egress logs.
Update LLaMA-Factory to version 0.9.4 or later. This fixes the SSRF and LFI vulnerabilities in the chat API. The update can be performed with Python's package manager, pip.
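The following is an added example of the input validation described above, written for this page; it is not LLaMA-Factory's code and does not reproduce the project's fix. It assumes, hypothetically, a chat API that accepts a media reference which is either fetched over HTTP(S) or opened from local disk (the classic "if it looks like a URL, fetch it, otherwise open it" pattern behind SSRF-plus-LFI bugs), and guards both branches. The media root path, the `CONSTRUCTED_DNS` table and the `constructed_resolver` are invented so the example runs offline; a real deployment uses the live `system_resolver`.

```python
"""Guarding user-supplied media references against SSRF and LFI.

Added example, not LLaMA-Factory code. Hypothetical API shape: a chat
request carries a reference that is fetched over HTTP(S) or opened locally.
"""
import ipaddress
import os
import socket
from typing import Callable, List, NamedTuple, Union
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


class Verdict(NamedTuple):
    ok: bool
    reason: str


def system_resolver(host: str) -> List[str]:
    """Resolve a hostname to every A/AAAA address it has (live DNS)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed DNS table so the example runs offline (not real records).
CONSTRUCTED_DNS = {
    "cdn.example.org": ["93.184.216.34"],   # public address
    "internal.corp": ["10.0.0.5"],          # RFC 1918, must be refused
    "localhost": ["127.0.0.1", "::1"],
}


def constructed_resolver(host: str) -> List[str]:
    try:
        return CONSTRUCTED_DNS[host]
    except KeyError:
        raise socket.gaierror(f"no constructed record for {host}") from None


def is_non_public(ip: IPAddress) -> bool:
    """True for any address an SSRF guard must refuse to connect to."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_remote_url(url: str,
                     resolver: Callable[[str], List[str]] = system_resolver) -> Verdict:
    """Allow only http(s) URLs whose host resolves exclusively to public addresses."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return Verdict(False, f"scheme not allowed: {scheme or '<none>'}")
    host = parts.hostname
    if not host:
        return Verdict(False, "URL has no host")
    if parts.username or parts.password:
        return Verdict(False, "credentials embedded in URL")
    try:
        addrs = [ipaddress.ip_address(host)]  # IP literal: nothing to resolve
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError) as exc:
            return Verdict(False, f"could not resolve {host}: {exc}")
    bad = [str(a) for a in addrs if is_non_public(a)]
    if bad:
        return Verdict(False, f"{host} resolves to non-public address(es): {', '.join(bad)}")
    return Verdict(True, f"{host} -> {', '.join(str(a) for a in addrs)}")


def check_local_path(ref: str, media_root: str) -> Verdict:
    """Allow only files inside media_root; rejects traversal, absolute paths
    and symlink escapes (realpath follows links before the containment check)."""
    root = os.path.realpath(media_root)
    # os.path.join discards root when ref is absolute, so "/etc/passwd"
    # stays absolute and fails the containment check below.
    target = os.path.realpath(os.path.join(root, ref))
    if os.path.commonpath([root, target]) != root:
        return Verdict(False, f"{ref!r} escapes {media_root}")
    return Verdict(True, target)


def vet_media_reference(ref: str, media_root: str,
                        resolver: Callable[[str], List[str]] = system_resolver) -> Verdict:
    """Same dispatch as the naive 'fetch if URL, else open()' pattern, guarded."""
    if "://" in ref:
        return check_remote_url(ref, resolver)
    return check_local_path(ref, media_root)


if __name__ == "__main__":
    root = "/srv/llamafactory/media"  # hypothetical upload directory
    for ref in ["https://cdn.example.org/cat.png", "http://internal.corp/admin",
                "http://169.254.169.254/latest/meta-data/", "http://[::ffff:127.0.0.1]/",
                "file:///etc/passwd", "../../../etc/passwd", "cat.png"]:
        v = vet_media_reference(ref, root, constructed_resolver)
        print(f"{'ALLOW ' if v.ok else 'REJECT'} {ref:45} {v.reason}")
```

Two gaps remain even with this check in place, and both are worth closing in a real deployment. First, resolving the name here and letting the HTTP client resolve it again later leaves a DNS rebinding window; connect to the vetted address (or route all fetches through a forward proxy that enforces the same egress allowlist). Second, HTTP clients such as `requests` follow redirects by default, so a public URL can bounce to an internal one; disable automatic redirects or re-run `check_remote_url` on every hop.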
CVE-2025-61784 is a Server-Side Request Forgery vulnerability in llamafactory versions up to 0.9.3, allowing attackers to make arbitrary HTTP requests and potentially access internal resources.
You are affected if you are using llamafactory versions 0.9.3 or earlier. Upgrade to version 0.9.4 or later to mitigate the vulnerability.
Upgrade to llamafactory version 0.9.4 or later. As a temporary workaround, restrict network access and implement input validation.
There is currently no confirmed evidence of active exploitation, but the vulnerability's public disclosure increases the risk of future attacks.
Refer to the llamafactory project's official website or GitHub repository for the latest security advisories and updates.