CVE-2025-67729
Published: 2025-12-26
Priority: P3 (53), high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.49% (38.2th percentile)
LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load() is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious .bin or .pt model file. This issue has been patched in version 0.11.1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| internlm | lmdeploy | < 0.11.1 | 0.11.1 |
| internlm | lmdeploy | >= 0 < 0.11.1 | 0.11.1 |
OSV
lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
osv·2025-12-26
CVE-2025-67729 [HIGH] lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
## Summary
An insecure deserialization vulnerability exists in lmdeploy where `torch.load()` is called without the `weights_only=True` parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious `.bin` or `.pt` model file.
**CWE:** CWE-502 - Deserialization of Untrusted Data
---
## Details
Several locations in lmdeploy use `torch.load()` without the recommended `weights_only=True` security parameter. PyTorch's `torch.load()` uses Python's pickle module internally, which can execute arbitrary code during deserialization.
### Vulnerable Locations
**1. `lmdeploy/vl/model/utils.py` (Line 22)**
```python
de
```
GHSA
lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
ghsa·2025-12-26
CVE-2025-67729 [HIGH] CWE-502 lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
No detection rules found.
No public exploits indexed.
Published: 2025-12-26