Plateforme
python
Composant
llamafactory
Corrigé dans
0.9.5
0.9.4
A critical remote code execution (RCE) vulnerability has been identified within the llamafactory training process, specifically affecting versions up to 0.9.3. This flaw allows attackers to execute arbitrary code on the host system by manipulating the Checkpoint path parameter through the WebUI interface. The exploitation is stealthy, leaving victims unaware of the compromise, and is rooted in the insecure loading of the vheadfile without the weightsonly=True safeguard. A patch is available in version 0.9.4.
The impact of this vulnerability is severe. An attacker can gain complete control over the affected system by injecting malicious code through the Checkpoint path parameter. This could lead to data exfiltration, system compromise, and potential lateral movement within the network. The lack of awareness during exploitation further exacerbates the risk, as the attacker can operate undetected for an extended period. The vulnerability's reliance on the WebUI interface makes it accessible to attackers with minimal interaction, significantly broadening the potential attack surface. The absence of the weightsonly=True parameter during vheadfile loading is the direct cause, allowing arbitrary code execution.
This vulnerability is currently not listed on the CISA KEV catalog. Public proof-of-concept (PoC) code is likely to emerge given the ease of exploitation. The CVSS score of 8.3 (HIGH) indicates a significant risk. The vulnerability's stealthy nature and ease of exploitation suggest a potential for active exploitation campaigns, particularly targeting environments utilizing llamafactory for training purposes. The vulnerability was publicly disclosed on 2025-06-27.
Organizations and individuals utilizing llamafactory for machine learning model training, particularly those running versions 0.9.3 or earlier, are at significant risk. This includes researchers, developers, and companies deploying llamafactory in production environments. Shared hosting environments where llamafactory is installed could also be vulnerable if the hosting provider hasn't applied the necessary updates.
• python / llamafactory:
import os
import subprocess
def check_llamafactory_version():
try:
result = subprocess.check_output(['llamafactory', '--version'], stderr=subprocess.STDOUT, text=True)
version = result.strip()
if version <= '0.9.3':
print(f"Vulnerability detected: llamafactory version {version} is vulnerable.")
else:
print(f"llamafactory version {version} is patched.")
except FileNotFoundError:
print("llamafactory not found.")
except subprocess.CalledProcessError as e:
print(f"Error checking version: {e}")
check_llamafactory_version()• generic web:
curl -I http://your-llamafactory-server/WebUI/checkpoint | grep -i 'checkpoint path'• generic web: Check access logs for requests containing unusual or long Checkpoint path parameters.
disclosure
patch
Statut de l'Exploit
EPSS
1.62% (percentile 82%)
CISA SSVC
Vecteur CVSS
The primary mitigation is to immediately upgrade to llamafactory version 0.9.4 or later, which addresses the insecure file loading. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the WebUI interface to trusted users only. Implement input validation on the Checkpoint path parameter to prevent malicious input. Monitor system logs for suspicious activity related to file loading and execution. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests. After upgrading, confirm the fix by attempting to load a checkpoint with a deliberately crafted, but harmless, path to verify that the weights_only=True parameter is now enforced.
Actualice LLaMA-Factory a la versión 0.9.4 o superior. Esto corrige la vulnerabilidad de ejecución remota de código al cargar el archivo `vhead_file` con los parámetros de seguridad adecuados. La actualización previene la ejecución de código malicioso a través de la interfaz WebUI.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2025-53002 is a critical remote code execution vulnerability in llamafactory versions 0.9.3 and earlier. Attackers can execute arbitrary code via a malicious Checkpoint path parameter in the WebUI interface.
You are affected if you are using llamafactory version 0.9.3 or earlier. Upgrade to version 0.9.4 or later to mitigate the risk.
Upgrade to llamafactory version 0.9.4 or later. As a temporary workaround, restrict access to the WebUI and validate input parameters.
While there's no confirmed active exploitation at this time, the vulnerability's ease of exploitation suggests a potential for future attacks.
Refer to the llamafactory project's official repository and release notes for the advisory and update information.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier requirements.txt et nous te dirons instantanément si tu es affecté.