CNNVD-202506-3323 Information
CNNVD ID
CNNVD-202506-3323
Related CVE
- CNNVD Published: 2025-06-26
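Description (translated from Chinese)
LLaMA-Factory is a project for fine-tuning large language models from hoshi-hiyouga, an individual developer in China. LLaMA-Factory 0.9.3 and earlier versions contain a code issue vulnerability, which stems from improper loading of vhead_file and may lead to remote code execution.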
Description (English)
LLaMA-Factory is a large language model fine-tuning project by hoshi-hiyouga, an individual developer in China. LLaMA-Factory 0.9.3 and earlier versions contain a code issue vulnerability that stems from improper loading of vhead_file and could lead to remote code execution.
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
Live Support
Published
2025-06-26
Last Modified
2026-02-24
References
https://github.com/hiyouga/LLaMA-Factory/security/advisories/GHSA-xj56-p8mm-qmxj
https://github.com/hiyouga/LLaMA-Factory/commit/bb7bf51554d4ba8432333c35a5e3b52705955ede
https://drive.google.com/file/d/1AddKm2mllsXfuvL4Tvbn_WJdjEOYXx4y/view?usp=sharing
https://nvd.nist.gov/vuln/detail/CVE-2025-53002
Patch
https://github.com/hiyouga/LLaMA-Factory/releases