CNNVD-202507-669 Information

CNNVD ID

CNNVD-202507-669

Related CVE

CVE-2025-6386

• CNNVD Published: 2025-07-07

Description (Chinese)

LoLLMs是Saifeddine ALOUI个人开发者的一个大型语言与多模态系统。 LoLLMs存在安全漏洞，该漏洞源于lollms_authentication.py中authenticate_user函数存在时间差攻击风险，可能导致用户名枚举和密码猜测。

Description (English)

LoLLMs is a large-scale language and multimodular system for Saifeddine ALOUI personal developers. The LoLLMs have a security loophole, which stems from the risk of a time difference attack in the Lollms education.py ’ s Authentity user function, which may lead to a user count and password guess.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Live Support

Published

2025-07-07

Last Modified

2026-02-24

References

https://huntr.com/bounties/6da05485-d219-4f18-9ffc-991053524b67 https://github.com/parisneo/lollms/commit/f78437f7b5aa39a78c6201912faf4e0645a38c48 https://access.redhat.com/security/cve/cve-2025-6386