CNNVD-202508-2093 Information

CNNVD ID

CNNVD-202508-2093

CVE-2025-50461

  • CNNVD Published: 2025-08-19

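Description (translated from Chinese)

Volcengine verl is an open-source large language model library from Volcengine. Volcengine verl version 3.0.0 contains a security vulnerability caused by improper deserialization, which may lead to arbitrary code execution.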

Description (English)

Volcengine verl is Volcengine's open-source large language model library. Volcengine verl 3.0.0 has a security vulnerability that stems from improper deserialization and may lead to arbitrary code execution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

VTScada

Published

2025-08-19

Last Modified

2026-02-24

References

  • https://github.com/Anchor0221/CVE-2025-50461
  • https://github.com/volcengine/verl/blob/main/scripts/model_merger.py#L152
  • https://github.com/pytorch/pytorch/blob/main/SECURITY.md#loading-untrusted-data
  • https://pytorch.org/docs/stable/generated/torch.load.html
  • https://nvd.nist.gov/vuln/detail/CVE-2025-50461

Patch

https://verl.readthedocs.io/en/latest/index.html
