Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-3162
PUBLISHED
More InfoOfficial Page
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
View Known Exploited Vulnerability (KEV) details
Published At-03 Apr, 2025 | 15:00
Updated At-21 Apr, 2025 | 11:27
Rejected At-
▼CVE Numbering Authority (CNA)
InternLM LMDeploy PT File utils.py load_weight_ckpt deserialization

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Affected Products
Vendor
InternLM
Product
LMDeploy
Modules
  • PT File Handler
Versions
Affected
  • 0.7.0
  • 0.7.1
Problem Types
TypeCWE IDDescription
CWECWE-502Deserialization
CWECWE-20Improper Input Validation
Type: CWE
CWE ID: CWE-502
Description: Deserialization
Type: CWE
CWE ID: CWE-20
Description: Improper Input Validation
Metrics
VersionBase scoreBase severityVector
4.04.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.15.3MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.05.3MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.04.3N/A
AV:L/AC:L/Au:S/C:P/I:P/A:P
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 4.3
Base severity: N/A
Vector:
AV:L/AC:L/Au:S/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
ybdesire (VulDB User)
analyst
ybdesire (VulDB User)
Timeline
EventDate
Advisory disclosed2025-04-03 00:00:00
VulDB entry created2025-04-03 02:00:00
VulDB entry last update2025-04-21 13:29:50
Event: Advisory disclosed
Date: 2025-04-03 00:00:00
Event: VulDB entry created
Date: 2025-04-03 02:00:00
Event: VulDB entry last update
Date: 2025-04-21 13:29:50
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.303108
vdb-entry
technical-description
https://vuldb.com/?ctiid.303108
signature
permissions-required
https://vuldb.com/?submit.542520
third-party-advisory
https://github.com/InternLM/lmdeploy/issues/3255
issue-tracking
https://github.com/InternLM/lmdeploy/issues/3255#issue-2918985270
exploit
issue-tracking
Hyperlink: https://vuldb.com/?id.303108
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.303108
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.542520
Resource:
third-party-advisory
Hyperlink: https://github.com/InternLM/lmdeploy/issues/3255
Resource:
issue-tracking
Hyperlink: https://github.com/InternLM/lmdeploy/issues/3255#issue-2918985270
Resource:
exploit
issue-tracking
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/InternLM/lmdeploy/issues/3255
exploit
Hyperlink: https://github.com/InternLM/lmdeploy/issues/3255
Resource:
exploit
Details not found