CVE-2025-45146
Published: 11 August 2025
Summary
CVE-2025-45146 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Codefuse Modelcache. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as APIs and Models; in the Data-Related Vulnerabilities risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the deserialization vulnerability in ModelCache /manager/data_manager.py by applying patches or updates to versions beyond v0.2.0.
Validates all supplied data inputs to the vulnerable data_manager.py component to reject crafted deserialization payloads that enable arbitrary code execution.
Enforces access controls on the endpoint exposing data_manager.py, preventing unauthenticated remote attackers from supplying malicious data.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Deserialization vulnerability in /manager/data_manager.py enables remote arbitrary code execution via crafted data, facilitating exploitation of a public-facing application.
NVD Description
ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data.
Deeper analysisAI
CVE-2025-45146 is a deserialization vulnerability (CWE-502) affecting ModelCache for LLM through version v0.2.0, specifically in the component /manager/data_manager.py. Published on 2025-08-11, it allows attackers to execute arbitrary code by supplying crafted data. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its severe potential impact.
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. By providing specially crafted data, they achieve arbitrary code execution on the targeted system, compromising confidentiality, integrity, and availability to a high degree.
References point to a vulnerability research README at https://github.com/EDMPL/Vulnerability-Research/blob/main/CVE-2025-45146/README.md, vulnerable code in data_manager.py (lines 84-84) and factory.py (line 18) from the ModelCache repository at commit e053e0d57b532d4ad9378d2f31bb85a009b77d64 (https://github.com/codefuse-ai/ModelCache/blob/e053e0d57b532d4ad9378d2f31bb85a009b77d64/modelcache/manager/data_manager.py#L84C1-L84C43 and https://github.com/codefuse-ai/ModelCache/blob/e053e0d57b532d4ad9378d2f31bb85a009b77d64/modelcache/manager/factory.py#L18C1-L18C71), and PyTorch documentation for torch.load (https://pytorch.org/docs/stable/generated/torch.load.html), indicating unsafe deserialization as the root cause.
This issue is relevant to AI/ML environments, as ModelCache is designed for large language models and leverages PyTorch components. No real-world exploitation has been reported in the available details.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- APIs and Models
- Risk Domain
- Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- ModelCache is a caching tool specifically for LLMs, handling model data and caches, which aligns with APIs and Models category as it manages LLM model outputs and related data processing.