CNNVD-202512-4108 Information
CNNVD ID
CNNVD-202512-4108
Related CVE
- CNNVD Published: 2025-12-23
Description
Hugging Face Transformers is an open-source framework from Hugging Face for defining state-of-the-art machine learning models. It covers text, vision, audio and multimodal models and can be used for both inference and training. Hugging Face Transformers contains a code issue vulnerability that stems from a lack of validation of user-supplied data when the Perceiver Model parses model files, which can lead to deserialization of untrusted data and remote code execution.
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
Hugging Face
Published
2025-12-23
Last Modified
2026-02-24
References
https://www.zerodayinitiative.com/advisories/ZDI-25-1150/