
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability has been discovered in HumanSignal label-studio-ml-backend (up to commit 9fb7f4aa) in the load function of label-studio-ml-backend/label_studio_ml/examples/yolo/utils/neural_nets.py, the component VulDB lists as the PT File Handler. The vulnerability was disclosed on May 26, 2025, and is tracked as CVE-2025-5173. The issue is deserialization of untrusted data (NVD, VulDB Entry).
The vulnerability is classified as CWE-502 (Deserialization of Untrusted Data) and CWE-20 (Improper Input Validation). The load function hands a caller-supplied path to torch.load, which unpickles the file contents without validating the path or restricting what the pickle stream is allowed to reference. The vulnerability has received a CVSS v3.1 base score of 7.8 (HIGH); the attack vector is local, so an attacker must be able to place or select the file that gets loaded (NVD, GitHub Issue).
A pickle stream is not passive data: it can instruct the unpickler to import any module and call any callable it names (the GLOBAL and REDUCE opcodes), so torch.load on a malicious .pt file executes attacker-chosen code during deserialization, in the backend process and with its privileges. The vulnerability therefore affects the confidentiality, integrity, and availability of the system. Because pickle data can carry such executable instructions, untrusted input can lead to arbitrary code execution on the host running this code (GitHub Issue, VulDB Entry).
The product uses a rolling release approach for continuous delivery, so specific affected and fixed version numbers are not available. VulDB recommends replacing the affected component with an alternative product or validating input before deserializing it. In practice this means treating model checkpoints as code: load only files from trusted, integrity-checked sources, do not let callers choose the path, and pass weights_only=True to torch.load so that the unpickler is limited to tensor and primitive types rather than arbitrary callables (VulDB Entry).
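The following is an added illustration of the mechanism and the mitigation described above; it is not code from label-studio-ml-backend, the advisory, or PyTorch. Because torch.load is pickle underneath, the example uses the standard-library pickle module in its place so it runs without PyTorch installed. The malicious checkpoint class, the loader names, the SAFE_GLOBALS allow-list (a stand-in for what weights_only=True permits, not PyTorch's real list), and the marker-file payload are all constructed for this example; the payload only creates a temporary file so that execution can be observed safely.

```python
import builtins
import io
import os
import pickle
import pickletools
import tempfile

# Constructed stand-in for a legitimate checkpoint: a dict of primitive values,
# which is what a state_dict boils down to once tensors are set aside.
BENIGN_CHECKPOINT = {"conv1.weight": [0.1, 0.2, 0.3], "epoch": 12}


class MaliciousCheckpoint:
    """Object whose pickle stream carries an instruction rather than data.

    pickle serialises it as "call builtins.exec(<source>)", and the unpickler
    performs that call while loading. The payload is deliberately harmless:
    it only writes a marker file so that execution can be observed.
    """

    def __init__(self, marker_path):
        self.marker_path = marker_path

    def __reduce__(self):
        src = f"open({self.marker_path!r}, 'w').write('code ran during load')"
        return (builtins.exec, (src,))


def build_malicious_checkpoint(marker_path):
    """Attacker side: the bytes a victim would hand to torch.load()."""
    return pickle.dumps(MaliciousCheckpoint(marker_path))


def load_checkpoint_unsafe(data):
    """Vulnerable pattern: unrestricted unpickling, which is what
    torch.load(path) does when weights_only is not set."""
    return pickle.loads(data)


# Hypothetical allow-list standing in for the tensor/primitive types that
# torch.load(weights_only=True) permits; this is not PyTorch's actual list.
SAFE_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "tuple"),
    ("builtins", "set"), ("builtins", "int"), ("builtins", "float"),
    ("builtins", "str"), ("builtins", "bytes"), ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every GLOBAL/STACK_GLOBAL lookup outside the allow-list, so a
    stream cannot reach exec, os.system or any other callable."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def load_checkpoint_restricted(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def referenced_globals(data):
    """Static triage without executing anything: list every module.name the
    stream would resolve. STACK_GLOBAL takes its operands from the two most
    recent string pushes, which this simple scan tracks."""
    found, strings = [], []
    for op, arg, _ in pickletools.genops(data):
        if op.name in ("UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"):
            strings.append(arg)
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            found.append((strings[-2], strings[-1]))
    return found


def demonstrate():
    """Run the payload through both loaders and report what happened."""
    marker = os.path.join(tempfile.mkdtemp(), "marker.txt")
    payload = build_malicious_checkpoint(marker)

    load_checkpoint_unsafe(payload)          # returns None: exec() already ran
    ran_unsafe = os.path.exists(marker)
    if ran_unsafe:
        os.remove(marker)

    blocked = False
    try:
        load_checkpoint_restricted(payload)
    except pickle.UnpicklingError:
        blocked = True

    return {
        "unsafe_loader_executed_payload": ran_unsafe,
        "restricted_loader_blocked": blocked,
        "restricted_loader_executed_payload": os.path.exists(marker),
        "restricted_loader_reads_benign": load_checkpoint_restricted(
            pickle.dumps(BENIGN_CHECKPOINT)) == BENIGN_CHECKPOINT,
        "globals_in_payload": referenced_globals(payload),
        "globals_in_benign": referenced_globals(pickle.dumps(BENIGN_CHECKPOINT)),
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

The benign checkpoint references no globals at all, so the restricted loader reads it unchanged, while the same loader rejects the payload before exec is ever resolved. referenced_globals shows the static check an operator can run on a downloaded .pt file before loading it: any module.name outside the expected tensor types is a reason not to load the file.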
The vulnerability was discovered and reported by the XingTu Team of Legendsec at QI-ANXIN. VulDB estimates the price of an exploit in the range of USD $0-$5k (VulDB Entry).
Source: This report was generated using AI