CVE-2025-12488
Published: 06 November 2025
Summary
CVE-2025-12488 is a critical-severity Reliance on Untrusted Inputs in a Security Decision (CWE-807) vulnerability in Zerodayinitiative (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 19.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under LLM Application Platforms, in the Supply Chain and Deployment risk domain.
Deeper analysis
CVE-2025-12488 is a remote code execution vulnerability in oobabooga text-generation-webui stemming from reliance on untrusted inputs when processing the trust_remote_code parameter supplied to the load endpoint. The flaw arises from insufficient validation of the user-supplied argument before it is used to load a model, allowing arbitrary code execution in the context of the service account. The issue affects installations of the webui and carries a CVSS score of 9.8.
Unauthenticated remote attackers can exploit the vulnerability over the network by sending a crafted request to the load endpoint, achieving full control over the affected system without requiring user interaction or credentials.
A patch addressing the issue is available in the referenced commit to the text-generation-webui repository, and further details are provided in the Zero Day Initiative advisory ZDI-25-981.
The EPSS score for this CVE rose from a low starting value to a peak of 0.0284, indicating emerging exploitation interest after disclosure. The affected software is commonly used in AI/ML text-generation workflows.
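The pattern described in this analysis is a security-relevant load option taken from the request; the code below shows it beside a hardened merge that takes the option from operator configuration only. This is an added example, not code from text-generation-webui or its patch: the function names, the allow-list contents and the sample requests are assumptions constructed for illustration.

```python
# Added illustration: hypothetical names, not text-generation-webui's code or patch.
# Options that decide whether repository-supplied code runs at model load.
OPERATOR_ONLY = frozenset({"trust_remote_code"})
# Per-request tunables a client may set (constructed list for this example).
CLIENT_ALLOWED = frozenset({"loader", "max_seq_len", "gpu_layers"})

class RejectedArgument(ValueError):
    """A request tried to set an option it does not own."""

def merge_args_untrusted(server_cfg: dict, request_args: dict) -> dict:
    """'Before' pattern (CWE-807): request values overwrite server settings."""
    merged = dict(server_cfg)
    merged.update(request_args)  # the client now controls trust_remote_code
    return merged

def merge_args_hardened(server_cfg: dict, request_args: dict) -> dict:
    """Allow-list client keys; take the trust decision from server_cfg only."""
    blocked = OPERATOR_ONLY.intersection(request_args)
    if blocked:
        raise RejectedArgument(f"operator-only option in request: {sorted(blocked)}")
    unknown = set(request_args) - CLIENT_ALLOWED
    if unknown:
        raise RejectedArgument(f"unknown option in request: {sorted(unknown)}")
    merged = dict(server_cfg)
    merged.update(request_args)
    # Only a literal True set by the operator enables it; "true" or 1 do not.
    merged["trust_remote_code"] = server_cfg.get("trust_remote_code") is True
    return merged

def audit(server_cfg: dict, requests: list) -> list:
    """Return (request, outcome) pairs so rejected attempts can be logged."""
    results = []
    for req in requests:
        try:
            merge_args_hardened(server_cfg, req)
            results.append((req, "accepted"))
        except RejectedArgument as exc:
            results.append((req, f"rejected: {exc}"))
    return results

# Constructed sample input: operator config and two load requests.
SERVER_CFG = {"trust_remote_code": False, "loader": "Transformers"}
SAMPLE_REQUESTS = [{"max_seq_len": 4096}, {"trust_remote_code": True}]

if __name__ == "__main__":
    for req, outcome in audit(SERVER_CFG, SAMPLE_REQUESTS):
        print(req, "->", outcome)
```

Logging the rejected outcomes gives defenders a signal that a client attempted to set an operator-only option.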
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-38157
Vulnerability details
oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the trust_remote_code parameter provided to the load endpoint. The issue results from the lack of proper validation of a user-supplied argument before using it to load a model. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26680.
- CWE(s)
AI Security Analysis
- AI Category: LLM Application Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: text-generation-webui
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Prevents reliance on untrusted matching results for security-relevant decisions by enforcing verification and contest procedures.
Providing authoritative attributes with the data reduces the need for security decisions to rely on untrusted external inputs.
Reduces reliance on untrusted inputs by ensuring only authorized sources may supply data.