CVE-2025-67729
- EPSS 0.07%
- Veröffentlicht 26.12.2025 21:54:10
- Zuletzt bearbeitet 31.12.2025 21:31:22
LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load() is called without the weights_only=True parameter when loading model checkpoi...
CVE-2025-3163
- EPSS 0.11%
- Veröffentlicht 03.04.2025 16:15:37
- Zuletzt bearbeitet 23.04.2025 15:31:12
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch...
CVE-2025-3162
- EPSS 0.13%
- Veröffentlicht 03.04.2025 15:15:53
- Zuletzt bearbeitet 23.04.2025 22:29:10
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to dese...