AVID-2026-R1705

Description

LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py (CVE-2025-46567)

Details

LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the llamafy_baichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load() on user-supplied .bin files from an input directory. An attacker can exploit this behavior by crafting a malicious .bin file that executes arbitrary commands during deserialization. This issue has been patched in version 1.0.0.

Reason for inclusion in AVID: The CVE targets LLaMA-Factory, a tool used in AI model fine-tuning pipelines. It describes arbitrary code execution via unsafe deserialization of user-supplied model binaries, a software vulnerability within a component used to build/deploy AI systems. This directly affects the software supply chain for general-purpose AI systems (model training/fine-tuning tooling) and is CVE-documented with a patch. Therefore, it should be kept for AVID curation as a software supply-chain vulnerability in AI ecosystems.

References

• NVD entry
• https://github.com/hiyouga/LLaMA-Factory/security/advisories/GHSA-f2f7-gj54-6vpv
• https://github.com/hiyouga/LLaMA-Factory/commit/2989d39239d2f46e584c1e1180ba46b9768afb2a

Affected or Relevant Artifacts

• Developer: Meta
• Deployer: hiyouga
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2025-05-01
• Version: 0.3.3
• AVID Entry