CNNVD-202512-4103 Information

CNNVD ID

CNNVD-202512-4103

Related CVE

CVE-2025-14925

• CNNVD Published: 2025-12-23

Description (Chinese)

Hugging Face Accelerate是Hugging Face开源的一个Python的轻量级工具库。 Hugging Face Accelerate存在代码问题漏洞，该漏洞源于解析检查点时缺乏对用户提供数据的验证，可能导致反序列化不可信数据和远程代码执行。

Description (English)

Hugging Face Accelerate is a Python lightweight tool bank that is an open source for Hugging Face. Hugging Face Accelerate has a code loophole, which stems from the lack of validation of data provided by users at the parsing point, which may lead to anti-serialization untrustworthy data and remote code execution.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

Hugging Face

Published

2025-12-23

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1140/