Integer Overflow Vulnerability in llama.cpp Affecting Multiple LLM Models
CVE-2025-53630

8.9 HIGH

Key Information:

Vendor: ggml-org
Status: Vendor
CVE Published: 10 July 2025

What is CVE-2025-53630?

llama.cpp contains an integer overflow in the gguf_init_from_file_impl function that can lead to heap out-of-bounds read and write operations. Because this function parses model files, the flaw threatens the memory integrity and security of any application that loads models with llama.cpp, as it may allow unauthorized access to memory. The issue has been addressed in a recent commit (listed under Affected Version(s) below), so developers can update to protect their implementations from potential exploitation.

Affected Version(s)

llama.cpp < 26a48ad699d50b6268900062661bd22f3e792579

References

CVSS v4

Score: 8.9
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability reserved
