Moderate severity · NVD Advisory · Published Apr 3, 2025 · Updated Apr 21, 2025
InternLM LMDeploy PT File utils.py load_weight_ckpt deserialization
CVE-2025-3162
Description
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
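Since the table below lists no patched version, one mitigation is to inspect a checkpoint before anything deserializes it. The following is an added example, not code from LMDeploy or from this advisory: it lists the imports a pickle stream would perform without loading it, assuming the PT file is pickle-based (a zip archive with `*.pkl` members, or a bare pickle stream). The function names, the allowlist and the sample files are hypothetical.

```python
import collections
import io
import pickle
import pickletools
import zipfile

ALLOWED = {("collections", "OrderedDict")}  # assumed allowlist, example only
PUSH_STR = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
GET = {"GET", "BINGET", "LONG_BINGET"}
STORE = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}


def pickle_imports(blob):
    """List the (module, name) pairs a pickle stream imports, without loading it."""
    found, memo, run = [], {}, []  # run: values of consecutive string pushes
    for op, arg, _pos in pickletools.genops(blob):
        if op.name in PUSH_STR or op.name in GET:
            run.append(arg if op.name in PUSH_STR else memo.get(arg))
        elif op.name in STORE:  # memo writes leave the stack unchanged
            memo[len(memo) if op.name == "MEMOIZE" else arg] = run[-1] if run else None
        elif op.name != "FRAME":
            if op.name in ("GLOBAL", "INST"):
                found.append(tuple(arg.split(" ", 1)))
            elif op.name == "STACK_GLOBAL":
                ok = len(run) >= 2 and all(isinstance(s, str) for s in run[-2:])
                found.append(tuple(run[-2:]) if ok else ("?", "?"))  # fail closed
            run = []  # any other opcode may change the stack
    return found


def disallowed_imports(data):
    """Scan a zip-format PT file (its *.pkl members) or a bare pickle stream."""
    blobs = [data]
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            blobs = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    return [imp for b in blobs for imp in pickle_imports(b) if imp not in ALLOWED]


def make_pt(obj):
    """Build an in-memory zip laid out like a PT archive (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(obj))
    return buf.getvalue()


SAMPLE_OK = make_pt(collections.OrderedDict(w=[1.0, 2.0]))  # allowlisted only
SAMPLE_BAD = make_pt({"w": [1.0, 2.0], "hook": print})  # references builtins.print
```

A non-empty result, including the unresolved marker `("?", "?")`, means the file should be rejected rather than loaded; a malformed stream raises `ValueError` from `pickletools` and should be treated the same way.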
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| lmdeploy (PyPI) | <= 0.7.1 | — |
Affected products: 1
Patches
No patches discovered yet.
References
- github.com/InternLM/lmdeploy/issues/3255 (ghsa; exploit, issue-tracking; WEB)
- github.com/advisories/GHSA-7vc5-mjwp-c8fq (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-3162 (ghsa; ADVISORY)
- vuldb.com (ghsa; third-party-advisory; WEB)
- vuldb.com (ghsa; signature, permissions-required; WEB)
- vuldb.com (ghsa; vdb-entry, technical-description; WEB)