CNNVD-202509-3796 Information

CNNVD ID

CNNVD-202509-3796

Related CVE

CVE-2025-55178

• CNNVD Published: 2025-09-24

Description (Chinese)

Llama Stack是Meta Llama开源的一个 Llama Stack API 的模型组件。 Llama Stack v0.2.20之前版本存在安全漏洞，该漏洞源于resolve_ast_by_type函数接受未验证参数，可能导致远程代码执行。

Description (English)

Llama Stack is a model component of Llama Stack API, an open source of Meta Llama. Prior to Llama Stack v2.20, there was a security loophole, which originated from the acceptance of unverified parameters by the Resolve ast by type function, which could lead to remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

MetaMask

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/llamastack/llama-stack/pull/3281 https://github.com/llamastack/llama-stack/releases/tag/v0.2.20 https://www.facebook.com/security/advisories/cve-2025-55178

Patch

https://llamastack.github.io/latest/