Remote Code Execution Vulnerability in LLaMA-Factory by Hiyouga
CVE-2025-53002

8.3HIGH

Key Information:

Vendor

Hiyouga

Status
Llama-factory
Vendor
CVE Published:
26 June 2025

What is CVE-2025-53002?

A remote code execution vulnerability was identified in LLaMA-Factory, which is a tuning library for large language models. The flaw occurs during the training process when the application loads the vhead_file without implementing appropriate safeguards. This oversight allows attackers to exploit the vulnerability by passing a malicious Checkpoint path parameter through the WebUI, enabling arbitrary code execution on the host system without user awareness. The issue arises from the lack of the secure parameter weights_only=True during file loading. Users are advised to upgrade to version 0.9.4, which addresses and resolves this security issue.

Affected Version(s)

LLaMA-Factory < 0.9.4

References

https://github.com/hiyouga/LLaMA-Factory/security/advisor...
x_refsource_CONFIRM
https://github.com/hiyouga/LLaMA-Factory/commit/bb7bf5155...
x_refsource_MISC
https://drive.google.com/file/d/1AddKm2mllsXfuvL4Tvbn_WJd...
x_refsource_MISC

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-53002 : Remote Code Execution Vulnerability in LLaMA-Factory by Hiyouga