CVE-2025-45146

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-45146

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

M

odelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data.

References
Link Resource
https://github.com/EDMPL/Vulnerability-Research/blob/main/CVE-2025-45146/README.md Exploit Third Party Advisory
https://github.com/codefuse-ai/ModelCache/blob/e053e0d57b532d4ad9378d2f31bb85a009b77d64/modelcache/manager/data_manager.py#L84C1-L84C43 Product
https://github.com/codefuse-ai/ModelCache/blob/e053e0d57b532d4ad9378d2f31bb85a009b77d64/modelcache/manager/factory.py#L18C1-L18C71 Product
https://pytorch.org/docs/stable/generated/torch.load.html Technical Description
Configurations

Configuration 1 (hide)

cpe:2.3:a:codefuse:modelcache:*:*:*:*:*:*:*:*
History

17 Oct 2025, 18:06

Type Values Removed Values Added
First Time Codefuse
Codefuse modelcache
CPE cpe:2.3:a:codefuse:modelcache:*:*:*:*:*:*:*:*
References () https://github.com/EDMPL/Vulnerability-Research/blob/main/CVE-2025-45146/README.md - () https://github.com/EDMPL/Vulnerability-Research/blob/main/CVE-2025-45146/README.md - Exploit, Third Party Advisory
References () https://github.com/codefuse-ai/ModelCache/blob/e053e0d57b532d4ad9378d2f31bb85a009b77d64/modelcache/manager/data_manager.py#L84C1-L84C43 - () https://github.com/codefuse-ai/ModelCache/blob/e053e0d57b532d4ad9378d2f31bb85a009b77d64/modelcache/manager/data_manager.py#L84C1-L84C43 - Product
References () https://github.com/codefuse-ai/ModelCache/blob/e053e0d57b532d4ad9378d2f31bb85a009b77d64/modelcache/manager/factory.py#L18C1-L18C71 - () https://github.com/codefuse-ai/ModelCache/blob/e053e0d57b532d4ad9378d2f31bb85a009b77d64/modelcache/manager/factory.py#L18C1-L18C71 - Product
References () https://pytorch.org/docs/stable/generated/torch.load.html - () https://pytorch.org/docs/stable/generated/torch.load.html - Technical Description

11 Aug 2025, 18:32

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-11 16:15

Updated : 2025-10-17 18:06

NVD link : CVE-2025-45146

Mitre link : CVE-2025-45146

CVE.ORG link : CVE-2025-45146

JSON object : View

Products Affected

codefuse

CWE
CWE-502

Deserialization of Untrusted Data