High severityNVD Advisory· Published Jul 10, 2025· Updated Apr 15, 2026

CVE-2025-53630

Description

llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579.

Patches

26a48ad699d5

https://github.com/ggml-org/llama.cppvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/ggml-org/llama.cpp/commit/26a48ad699d50b6268900062661bd22f3e792579nvd
github.com/ggml-org/llama.cpp/security/advisories/GHSA-vgg9-87g3-85w8nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000