CNNVD-202510-898 Information
CNNVD ID
CNNVD-202510-898
Related CVE
- CNNVD Published: 2025-10-07
Description (Chinese)
LLaMA-Factory是中国hoshi-hiyouga个人开发者的一个微调大型语言模型。 LLaMA-Factory 0.9.4之前版本存在安全漏洞,该漏洞源于_process_request函数未对URL进行验证或清理,可能导致服务端请求伪造和本地文件包含攻击。
Description (English)
LLAMA-Factory is a fine-tuning large language model for the Hoshi-hiyouga personal developer in China. Prior to LLAMA-Factory 0.9.4, there was a security loophole resulting from the fact that the process request function did not verify or clean up the URL, which could result in the service requesting forgery and local documentation containing an attack.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-10-07
Last Modified
2026-02-24
References
https://github.com/hiyouga/LLaMA-Factory/commit/95b7188090a1018935c9dc072bfc97f24f1c96e9 https://github.com/hiyouga/LLaMA-Factory/security/advisories/GHSA-527m-2xhr-j27g https://access.redhat.com/security/cve/cve-2025-61784
Patch
https://github.com/hiyouga/LLaMA-Factory/releases
Share on: