Server-Side Request Forgery and Local File Inclusion in LLaMA-Factory by Hiyouga
CVE-2025-61784

7.6HIGH

Key Information:

Vendor: Hiyouga
Status: Llama-factory
Vendor: CVE Published:; 7 October 2025

What is CVE-2025-61784?

The LLaMA-Factory tuning library for large language models has a vulnerability in its chat API that allows authenticated users to exploit a Server-Side Request Forgery (SSRF). This flaw enables unauthorized HTTP requests to internal and external systems, which can lead to exposure of confidential services and aid in reconnaissance of the internal network. Additionally, a Local File Inclusion (LFI) vulnerability allows users to access arbitrary files from the server's filesystem. The issue arises from the _process_request function in src/llamafactory/api/chat.py that inadequately validates URIs before making HTTP requests, making it susceptible to both SSRF and LFI attacks. The vulnerability has been resolved in version 0.9.4, which implements necessary validations and sanitizations.

Affected Version(s)

LLaMA-Factory < 0.9.4

References

https://github.com/hiyouga/LLaMA-Factory/security/advisor...

x_refsource_CONFIRM

https://github.com/hiyouga/LLaMA-Factory/commit/95b718809...

x_refsource_MISC

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2025
Vulnerability Reserved
Sep 30, 2025

JSON