CVE-2025-53002

LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the vhead_file is loaded without proper safeguards, allowing malicious attackers to execute arbitrary malicious code on the host system simply by passing a malicious Checkpoint path parameter through the WebUI interface. The attack is stealthy, as the victim remains unaware of the exploitation. The root cause is that the vhead_file argument is loaded without the secure parameter weights_only=True. Version 0.9.4 contains a fix for the issue.

Published: Jun 27, 2025
Updated: Aug 11, 2025
CVE: CVE-2025-53002
GHSA: GHSA-xj56-p8mm-qmxj
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

CWEs:

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
llamafactory	-	0.9.3.x

Vulnerability Database

CVE-2025-53002

Deep Security Visibility Without the Complexity