CNNVD-202508-049 Information
Aug 01, 2025
cve
CNNVD ID
CNNVD-202508-049
Related CVE
- CNNVD Published: 2025-08-01
Description (Chinese)
SWIFT是ModelScope开源的一个大模型与多模态大模型微调部署框架。 SWIFT 3.3.0版本存在安全漏洞,该漏洞源于PyYAML库中yaml.load()不安全反序列化,可能导致任意代码执行。
Description (English)
SWIFT is a large model and multi-mode large model fine-tuning deployment framework for the ModelScope open source. Release 3.3.0 of SWIFT contains a security loophole, which originates from Yaml.load() unsafe backsequencing in the PyYAML library, which may lead to arbitrary code execution.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
ModelScope
Published
2025-08-01
Last Modified
2026-02-24
References
https://github.com/advisories/GHSA-6757-jp84-gxfx https://github.com/Anchor0221/CVE-2025-50460 https://github.com/modelscope/ms-swift https://github.com/modelscope/ms-swift/blob/main/tests/run.py#L420 https://access.redhat.com/security/cve/cve-2025-50460
Patch
https://github.com/modelscope/ms-swift/releases
Share on: