CNNVD-202508-051 Information
CNNVD ID
CNNVD-202508-051
Related CVE
- CNNVD Published: 2025-08-01
Description (Chinese)
SWIFT是ModelScope开源的一个大模型与多模态大模型微调部署框架。 SWIFT 2.6.1及之前版本存在安全漏洞,该漏洞源于ModelFileSystemCache类中load_model_meta()函数对不可信数据反序列化,可能导致任意代码执行。
Description (English)
SWIFT is a large model and multi-mode large model fine-tuning deployment framework for the ModelScope open source. The SWIFT 2.6.1 and previous versions have a security loophole, which stems from the load model meta() function in the ModelFileSystemCache category, which reverses untrustworthy data and may lead to arbitrary code execution.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
ModelScope
Published
2025-08-01
Last Modified
2026-02-24
References
https://github.com/modelscope/ms-swift/blob/ab38bff0387a86fd9f068246c326ee7b0d5ed139/swift/hub/utils/caching.py#L141 https://github.com/xhjy2020/CVE-2025-50472 https://access.redhat.com/security/cve/cve-2025-50472
Patch
https://github.com/modelscope/ms-swift/releases
Share on: