ModelCache Deserialization Vulnerability in Data Manager Component Allowing Arbitrary Code Execution

Vulnerability

A deserialization vulnerability has been identified in ModelCache for LLM, affecting versions through 0.2.0. The issue resides in the data_manager.py component, where attackers can execute arbitrary code by supplying crafted data. This vulnerability exploits Python's pickle deserialization, which is known to be insecure, allowing for the execution of arbitrary code during the unpickling process.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where ModelCache is running.

Reproduction

To reproduce this vulnerability, load a model cache file using PyTorch's torch.load() function without the weights_only parameter. This will trigger the deserialization process, where the crafted data can execute arbitrary code before the model is fully loaded.
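The defensive counterpart to the loading step above, as an added example that is not code from ModelCache or from this advisory: an allowlisting unpickler that refuses every global the stream tries to resolve outside SAFE_GLOBALS, plus a pre-load triage that lists the globals a pickle references without executing it. SAFE_GLOBALS, RestrictedUnpickler, referenced_globals and the two constructed sample streams are illustrative assumptions; for torch checkpoints the equivalent hardening is torch.load(..., weights_only=True).

```python
import io
import pickle
import pickletools

# Allowlist of (module, name) pairs a cache entry may reference. Any other
# global lookup is refused before the object is ever constructed.
SAFE_GLOBALS = {
    ("builtins", "set"), ("builtins", "frozenset"),
    ("builtins", "bytearray"), ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that rejects every global outside SAFE_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def referenced_globals(data: bytes) -> list:
    """Triage without loading: every (module, name) the stream resolves."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":              # protocol <= 3: "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":      # protocol 4+: two strings on stack
            found.append((strings[-2], strings[-1]))
        elif op.name in ("UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"):
            strings.append(arg)
    return found


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


class _Hostile:
    # Constructed sample: REDUCE calls whatever callable the stream names.
    # print() stands in here; a hostile cache would name something else.
    def __reduce__(self):
        return (print, ("code ran during unpickling",))


BENIGN = pickle.dumps({"prompt": "hi", "embedding": [0.1, 0.2]})   # constructed
HOSTILE = pickle.dumps(_Hostile())                                  # constructed


def demo():
    """Returns (benign entry, hostile stream blocked?, globals it referenced)."""
    entry = safe_loads(BENIGN)
    try:
        safe_loads(HOSTILE)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return entry, blocked, referenced_globals(HOSTILE)
```

Running referenced_globals() first lets a pipeline quarantine a cache file that names any non-allowlisted module before it is handed to the unpickler at all.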

Added: Aug 11, 2025, 4:17 PM
Updated: Aug 11, 2025, 6:40 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.4
remediation: 0.0
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.