InternLM LMDeploy vulnerabilities

3 known vulnerabilities affecting internlm/lmdeploy.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2025-67729 | HIGH | CVSS 8.8 | fixed in 0.11.1 | 2025-12-26
CVE-2025-67729 [HIGH] CWE-502: LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load() is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a ma
Sources: ghsa, nvd, osv

CVE-2025-3163 | MEDIUM | CVSS 4.8 | ≤ 0.7.1 | v0.7.0 +1 more | 2025-04-03
CVE-2025-3163 [MEDIUM] CWE-74: A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Sources: ghsa, nvd, osv

CVE-2025-3162 | MEDIUM | CVSS 4.8 | ≤ 0.7.1 | v0.7.0 +1 more | 2025-04-03
CVE-2025-3162 [MEDIUM] CWE-20: A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be
Sources: ghsa, nvd, osv