CVE-2025-5148: 
Python vulnerability analysis and mitigation

A critical vulnerability (CVE-2025-5148) was discovered in FunAudioLLM InspireMusic up to version bf32364bcb0d136497ca69f9db622e9216b029dd. The vulnerability affects the load_state_dict function in the inspiremusic/cli/model.py file, specifically in the Pickle Data Handler component. The issue was disclosed on May 25, 2025, and has been assigned CVSS v3.1 score of 5.3 (MEDIUM) and CVSS v4.0 score of 4.8 (MEDIUM) (NVD, Wiz).

The vulnerability stems from the unsafe use of torch.load function without the weights_only=True parameter in the model loading process. This implementation could allow for arbitrary code execution during the deserialization of untrusted data. The vulnerability has received a CVSS v4.0 vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N, and a CVSS v3.1 vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (NVD).

The vulnerability allows attackers to create malicious files containing crafted pickle data that, when loaded by the torch.load function, can execute arbitrary code during the deserialization process. This can result in unauthorized system access, data leakage, or modification of system settings (GitHub Issue).

A patch has been released (commit 784cbf8dde2cf1456ff808aeba23177e1810e7a9) that adds the weights_only=True parameter to the torch.load function calls. Users are recommended to update their installations to include this security fix (GitHub Commit).