CNNVD-202509-3908 Information

CNNVD ID

CNNVD-202509-3908

Related CVE

CVE-2025-10975

• CNNVD Published: 2025-09-25

Description (Chinese)

VLA-RL是lg(x)个人开发者的一个视觉语言动作模型。 VLA-RL存在代码问题漏洞，该漏洞源于对文件experiments/robot/bridge/reasoning_server.py中参数Message的错误操作，可能导致反序列化攻击。

Description (English)

VLA-RL is a visual language action model for lg (x) personal developers. VLA-RL has a code problem loophole, which stems from the wrong operation of Message, the parameter in file files/robot/bridge/reasing server.py, which could lead to a back-serialization attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2025-09-25

Last Modified

2026-02-24

References

https://github.com/GuanxingLu/vlarl/issues/18 https://github.com/GuanxingLu/vlarl/issues/18#issue-3408978610 https://vuldb.com/?ctiid.325846 https://vuldb.com/?id.325846 https://vuldb.com/?submit.653279