CVE-2025-45146
Published: 11 August 2025
Summary
CVE-2025-45146 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Codefuse Modelcache. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 19.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as NLP and Transformers; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
ModelCache for LLM through version 0.2.0 contains a deserialization vulnerability in the component /manager/data_manager.py that stems from unsafe handling of serialized data, tracked as CWE-502. The flaw received a CVSS 3.1 score of 9.8 and permits remote attackers to supply crafted input that results in arbitrary code execution on the affected system.
An unauthenticated network attacker can exploit the issue without user interaction by submitting malicious serialized payloads to the data manager, achieving full control over confidentiality, integrity, and availability of the target instance. The vulnerability is tied to LLM caching workflows and references unsafe usage patterns in PyTorch's torch.load function.
No mitigation guidance or patch details appear in the supplied references, which instead point to the vulnerable code locations and a public disclosure repository. The associated EPSS score has remained flat at 0.0138 with no material increase since publication.
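The flaw described above reduces to unpickling bytes an unauthenticated caller controls. The following is an added example, not ModelCache's or PyTorch's own code, of the defensive pattern that closes CWE-502 in pickle-based loaders: a static opcode scan that flags any stream needing imports or calls, plus an Unpickler whose find_class resolves only an explicit allow-list. The allow-list and the three sample payloads are constructed for illustration.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Pickle opcodes that let a stream import a module or invoke a callable.
# Any of these means the payload does more than carry plain data.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ",
                "NEWOBJ_EX", "REDUCE", "BUILD"}

# Allow-list of globals a cache record legitimately needs. Constructed for
# this example; a real deployment enumerates the classes its own format uses.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


def code_opcodes_in(data: bytes) -> list:
    """Static check: names of code-capable opcodes present in the stream.
    Nothing is unpickled, so this is safe to run on untrusted input and
    doubles as a detection signature for suspicious cache payloads."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in CODE_OPCODES]


class RestrictedUnpickler(pickle.Unpickler):
    """Resolves only allow-listed globals; every other reference is refused
    before any constructor or __reduce__ callable can execute."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_loads(data: bytes):
    """Drop-in replacement for pickle.loads on untrusted cache payloads."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True when the restricted loader refuses the payload."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample payloads: plain data, an allow-listed class, and a
# harmless reference to a function that is not on the allow-list.
SAMPLE_PLAIN = pickle.dumps({"prompt": "hello", "embedding": [0.1, 0.2]})
SAMPLE_ORDERED = pickle.dumps(OrderedDict(answer="cached"))
SAMPLE_REFERENCE = pickle.dumps(pickletools.dis)
```

PyTorch exposes the same allow-list idea as torch.load(..., weights_only=True), which is the setting to prefer for any checkpoint or cache file that crosses a trust boundary.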
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24154
Vulnerability details
ModelCache for LLM through v0.2.0 was discovered to contain a deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data.
- CWE(s): CWE-502 (Deserialization of Untrusted Data)
AI Security Analysis
- AI Category: NLP and Transformers
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: llm
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Deserialization vulnerability in /manager/data_manager.py enables remote arbitrary code execution via crafted data, facilitating exploitation of a public-facing application.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly remediates the deserialization vulnerability in ModelCache /manager/data_manager.py by applying patches or updates to versions beyond v0.2.0.
- SI-10 (Information Input Validation): Validates all supplied data inputs to the vulnerable data_manager.py component to reject crafted deserialization payloads that enable arbitrary code execution.
- Access control: Enforces access controls on the endpoint exposing data_manager.py, preventing unauthenticated remote attackers from supplying malicious data.