CVE-2025-61784
- EPSS 0.04%
- Published 07.10.2025 19:01:40
- Last modified 22.10.2025 18:00:50
LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request Forgery (SSRF) vulnerability in the chat API allows any authenticated user to force the server to make arbitrary HTTP requests to internal and ...
CVE-2025-53002
- EPSS 1.33%
- Published 26.06.2025 14:40:52
- Last modified 02.09.2025 17:49:44
LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the `vh...
CVE-2025-46567
- EPSS 0.23%
- Published 01.05.2025 17:20:41
- Last modified 17.06.2025 14:19:39
LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the `llamafy_baichuan2.py` script of the LLaMA-Factory project. The script performs insecure deserialization using `torch.load()` o...
CVE-2024-52803
- EPSS 2.41%
- Published 21.11.2024 17:15:24
- Last modified 27.08.2025 16:42:48
LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malic...