CNNVD-202509-1225 Information

CNNVD ID

CNNVD-202509-1225

Related CVE

CVE-2025-10164

• CNNVD Published: 2025-09-09

Description (Chinese)

LMSYS SGLang是LMSYS开源的一个大语言模型推理引擎。 LMSYS SGLang 0.4.6版本存在代码问题漏洞，该漏洞源于对文件/update_weights_from_tensor中函数main的参数serialized_named_tensors的错误操作导致反序列化。

Description (English)

LMSYS SGLang is a large-language model reasoning engine for LMSYS. LMSYS SGLang version 0.4.6 has a code problem loophole, which stems from the inverse sequence caused by an error in the function Main of file/update waters frog tensor.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

LMSYS

Published

2025-09-09

Last Modified

2026-02-24

References

https://vuldb.com/?submit.635919 https://vuldb.com/?id.323203 https://vuldb.com/?ctiid.323203 https://access.redhat.com/security/cve/cve-2025-10164

Patch

https://github.com/sgl-project/sglang/releases