Cyber Resilience

CVE-2025-45146

Critical · Public PoC · RCE

Published: 11 August 2025
Modified: 17 October 2025
KEV Added: not listed
Patch: no patch details in the supplied references
CVSS Score (v3.1): 9.8 · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0138 (80.7th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-45146 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Codefuse ModelCache, with a CVSS v3.1 base score of 9.8 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 19.3% of CVEs by exploit likelihood (EPSS 0.0138), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The vulnerability is flagged as AI-related (AI category: NLP and Transformers; risk domain: Supply Chain and Deployment). That classification is keyword-based (matched keyword: llm) and reflects what the product is for rather than an LLM-specific attack class: no OWASP Top 10 for LLMs entry maps to it, and the underlying flaw is ordinary unsafe deserialization.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

ModelCache for LLM through version 0.2.0 contains a deserialization vulnerability in the component /manager/data_manager.py that stems from unsafe handling of serialized data, tracked as CWE-502. The flaw carries a CVSS 3.1 score of 9.8 and allows a remote attacker who can supply crafted serialized input to execute arbitrary code on the affected system.

The CVSS vector (PR:N/UI:N) reflects that an unauthenticated network attacker can exploit the issue without user interaction by submitting a malicious serialized payload to the data manager, gaining full control over the confidentiality, integrity, and availability of the target instance. The vulnerability sits in the LLM caching workflow, and the supplied references point to unsafe use of PyTorch's torch.load, which is built on Python's pickle and, without an allow-list on what may be imported, will import and call whatever callable the serialized stream names.
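The mechanism behind the CWE-502 finding, shown as an added illustration that is not code from ModelCache or from the referenced disclosure (the page does not reproduce data_manager.py, and nothing below is taken from it). A pickle stream, which is what torch.load consumes, can name any importable callable and have the loader invoke it. The block builds a constructed payload whose __reduce__ runs a harmless recorder function when loaded, a static triage check that flags any stream referencing callables without executing it, and an allow-list Unpickler that refuses unknown globals before they can be called. The names side_effect, Gadget and SAMPLE_ENTRY, and the allow-listed collections.OrderedDict, are constructed for the demo. The allow-list is the concrete form of the SI-10 input-validation control listed under Mitigating Controls; PyTorch's built-in equivalent is torch.load(..., weights_only=True), which is mentioned in a comment rather than called so the example runs without PyTorch installed.

```python
"""Unsafe deserialization (CWE-502) and an allow-list gate, using stdlib pickle.

Added illustration, not code from ModelCache. side_effect, Gadget and
SAMPLE_ENTRY are constructed for the demo.
"""
import io
import pickle
import pickletools

# Constructed: records that attacker-chosen code ran inside the deserializer.
EXECUTED = []


def side_effect(tag):
    """Stand-in for whatever a real payload would call (os.system, etc.)."""
    EXECUTED.append(tag)
    return tag


class Gadget:
    """Any object whose __reduce__ names a callable makes the unpickler call it."""

    def __reduce__(self):
        # (callable, args): the loader imports `side_effect` and calls it.
        return (side_effect, ("code ran during unpickle",))


# Constructed: the kind of plain data a cache would legitimately store.
SAMPLE_ENTRY = {"prompt": "hello", "embedding": [0.1, 0.2, 0.3], "hits": 2}


def build_malicious_blob():
    """What an attacker submits: a stream that names a callable to run."""
    return pickle.dumps(Gadget())


def build_benign_blob():
    """What a legitimate client submits: pure data, no globals referenced."""
    return pickle.dumps(SAMPLE_ENTRY)


def unsafe_load(blob):
    """The CWE-502 sink. torch.load(..., weights_only=False) is this same sink
    wrapped by PyTorch (a fact about the public PyTorch API, not from the page)."""
    return pickle.loads(blob)


# Opcodes that import or call something while loading. Pure data
# (dicts, lists, strings, numbers) never needs any of them.
_CALLABLE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "REDUCE"}


def references_callables(blob):
    """Static triage: does the stream reference any importable callable?
    pickletools.genops only disassembles, so this is safe on untrusted bytes."""
    return any(op.name in _CALLABLE_OPCODES for op, _arg, _pos in pickletools.genops(blob))


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list unpickler: every global lookup goes through find_class, and
    anything not in ALLOWED is refused before the loader can call it."""

    # Extend only with types the cache genuinely needs to store (constructed entry).
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def try_safe_load(blob):
    """Gate untrusted input: returns ("ok", obj) or ("rejected", reason)."""
    try:
        return "ok", RestrictedUnpickler(io.BytesIO(blob)).load()
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    bad, good = build_malicious_blob(), build_benign_blob()
    print("triage flags callables:", references_callables(bad), references_callables(good))
    print("restricted loader:", try_safe_load(bad), try_safe_load(good))
    print("unsafe loader:", unsafe_load(bad), "| executed:", EXECUTED)
```

The restricted loader rejects the payload at the STACK_GLOBAL lookup, before the REDUCE opcode that would call the function, so EXECUTED stays empty for that path; only unsafe_load runs the attacker's callable. The static check is a cheap pre-filter for logging or detection, but it is not a substitute for the allow-list, because legitimate object graphs may also reference globals.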

No mitigation guidance or patch details appear in the supplied references, which instead point to the vulnerable code locations and a public disclosure repository. The associated EPSS score has remained flat at 0.0138 with no material increase since publication.

Vulnerability details

ModelCache for LLM through v0.2.0 was discovered to contain a deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data.

CWE(s)

CWE-502 Deserialization of Untrusted Data

AI Security Analysis

AI Category: NLP and Transformers
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: llm

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Deserialization vulnerability in /manager/data_manager.py enables remote arbitrary code execution via crafted data, facilitating exploitation of a public-facing application.

CVEs Like This One

CVE-2025-49837 (shared CWE-502)
CVE-2025-49838 (shared CWE-502)
CVE-2025-49841 (shared CWE-502)
CVE-2025-49840 (shared CWE-502)
CVE-2025-49839 (shared CWE-502)
CVE-2024-13770 (shared CWE-502)
CVE-2026-27303 (shared CWE-502)
CVE-2025-53586 (shared CWE-502)
CVE-2025-64353 (shared CWE-502)
CVE-2025-31047 (shared CWE-502)

Affected Assets

codefuse modelcache, versions ≤ 0.2.0

Mitigating Controls (NIST 800-53 r5)

prevent · SI-2 Flaw Remediation
Directly remediates the deserialization vulnerability in ModelCache /manager/data_manager.py by applying patches or updates to versions beyond v0.2.0.

prevent · SI-10 Information Input Validation
Validates all data supplied to the vulnerable data_manager.py component, rejecting serialized payloads that would cause code to run during deserialization rather than trusting whatever the stream names.

prevent · access control
Enforces authentication and authorization on the endpoint that exposes data_manager.py, so unauthenticated remote attackers cannot submit data to it at all.
