CVE-2025-53002: 
Python vulnerability analysis and mitigation

CVE-2025-53002 is a remote code execution vulnerability discovered in LLaMA-Factory, a tuning library for large language models. The vulnerability affects versions up to and including 0.9.3 and was disclosed on June 26, 2025. The vulnerability exists in the LLaMA-Factory training process where the vhead_file is loaded without proper safeguards (GitHub Advisory, NVD).

The vulnerability stems from the vhead_file argument being loaded without the secure parameter weights_only=True. This security flaw allows attackers to execute arbitrary malicious code on the host system by passing a malicious Checkpoint path parameter through the WebUI interface. The vulnerability has been assigned a CVSS v3.1 base score of 8.3 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H. The vulnerability is associated with CWE-94 (Improper Control of Generation of Code) and CWE-502 (Deserialization of Untrusted Data) (GitHub Advisory, Wiz).

The exploitation of this vulnerability allows remote attackers to execute arbitrary malicious code and OS commands on the server, potentially compromise sensitive data, escalate privileges, and deploy malware or create persistent backdoors in the system. The attack is particularly concerning as it remains stealthy, with the victim unaware of the exploitation (GitHub Advisory).

The vulnerability has been fixed in version 0.9.4 of LLaMA-Factory. The fix involves adding the secure parameter weightsonly=True when loading the vheadfile. Users are strongly advised to upgrade to version 0.9.4 or later to mitigate this vulnerability (GitHub Advisory, Wiz).