High severityOSV Advisory· Published Dec 26, 2025· Updated Dec 26, 2025
lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
CVE-2025-67729
Description
LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load() is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious .bin or .pt model file. This issue has been patched in version 0.11.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
lmdeployPyPI | < 0.11.1 | 0.11.1 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-9pf3-7rrr-x5jhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-67729ghsaADVISORY
- github.com/InternLM/lmdeploy/commit/eb04b4281c5784a5cff5ea639c8f96b33b3ae5eeghsax_refsource_MISCWEB
- github.com/InternLM/lmdeploy/security/advisories/GHSA-9pf3-7rrr-x5jhghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.