CVE-2025-50460
published 2025-08-01CVE-2025-50460: A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from…
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.33%
81.4th percentile
A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library (versions = 5.3.1). If an attacker can control the content of the YAML configuration file passed to the --run_config parameter, arbitrary code can be executed during deserialization. This can lead to full system compromise. The vulnerability is triggered when a malicious YAML file is loaded, allowing the execution of arbitrary Python commands such as os.system(). It is recommended to upgrade PyYAML to version 5.4 or higher, and to use yaml.safe_load() to mitigate the issue.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pyyaml | pyyaml | >= 5.1b7 < 5.3.1 | 5.3.1 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
osv·2025-07-31
CVE-2020-1747 [LOW] MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
## Description
A Remote Code Execution (RCE) vulnerability exists in the [modelscope/ms-swift](https://github.com/modelscope/ms-swift) project due to unsafe use of `yaml.load()` in combination with vulnerable versions of the PyYAML library (≤ 5.3.1). The issue resides in the `tests/run.py` script, where a user-supplied YAML configuration file is deserialized using `yaml.load()` with `yaml.FullLoader`.
If an attacker can control or replace the YAML configuration file provided to the `--run_config` argument, they may inject a malicious payload that results in arbitrary code execution.
## Affected Repository
- **Project:** [modelscope/ms-swift](https://github.com/modelscope/ms-swift)
- **Affect versions:** latest
- **File:*
GHSA
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
ghsa·2025-07-31
CVE-2025-50460 [LOW] CWE-502 MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
## Description
A Remote Code Execution (RCE) vulnerability exists in the [modelscope/ms-swift](https://github.com/modelscope/ms-swift) project due to unsafe use of `yaml.load()` in combination with vulnerable versions of the PyYAML library (≤ 5.3.1). The issue resides in the `tests/run.py` script, where a user-supplied YAML configuration file is deserialized using `yaml.load()` with `yaml.FullLoader`.
If an attacker can control or replace the YAML configuration file provided to the `--run_config` argument, they may inject a malicious payload that results in arbitrary code execution.
## Affected Repository
- **Project:** [modelscope/ms-swift](https://github.com/modelscope/ms-swift)
- **Affect versions:** latest
- **File:*
OSV
Improper Input Validation in PyYAML
osv·2021-04-20
CVE-2020-1747 [CRITICAL] Improper Input Validation in PyYAML
Improper Input Validation in PyYAML
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-08-01
Published