Cyber Posture

CVE-2025-50460

Critical · RCE

Published: 01 August 2025

Modified: 15 April 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0414 (88.7th percentile)
Risk Priority: 22 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-50460 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 11.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Requires validation of untrusted YAML configuration inputs to block unsafe deserialization and prevent arbitrary code execution.

prevent: Mandates timely remediation of the deserialization flaw by upgrading PyYAML to 5.4+ and replacing yaml.load() with yaml.safe_load().

prevent, detect: Vulnerability scanning identifies the unsafe PyYAML usage and ms-swift code flaw for patching before exploitation.

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.006 Python (Execution): Adversaries may abuse Python commands and scripts for execution.

Why these techniques?

Direct RCE via unsafe YAML deserialization enables remote exploitation of a public-facing application (T1190) and arbitrary Python command execution (T1059.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library (versions <= 5.3.1). If an attacker can control the content of the YAML configuration file passed to the --run_config parameter, arbitrary code can be executed during deserialization. This can lead to full system compromise. The vulnerability is triggered when a malicious YAML file is loaded, allowing the execution of arbitrary Python commands such as os.system(). It is recommended to upgrade PyYAML to version 5.4 or higher, and to use yaml.safe_load() to mitigate the issue.

Deeper analysis (AI)

CVE-2025-50460 is a remote code execution (RCE) vulnerability in the ms-swift project version 3.3.0, stemming from unsafe deserialization in the tests/run.py script. The issue arises from the use of yaml.load() from the PyYAML library in versions 5.3.1 and earlier, which allows arbitrary code execution when processing untrusted YAML input. It affects users running ms-swift who pass YAML configuration files to the --run_config parameter. The CVSS v3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), and the flaw is classified as CWE-502 (Deserialization of Untrusted Data).

An attacker who can control the content of the YAML configuration file supplied to the --run_config parameter can exploit this vulnerability remotely with low complexity and no required privileges or user interaction. Upon deserialization, the malicious YAML triggers execution of arbitrary Python commands, such as os.system(), potentially leading to full system compromise on the host running the ms-swift tests.

Advisories, including GHSA-6757-jp84-gxfx, recommend upgrading PyYAML to version 5.4 or higher and switching to yaml.safe_load() to prevent unsafe deserialization of untrusted input. The references point to the ms-swift project repository and to tests/run.py line 420 as the vulnerable location.

This vulnerability affects ms-swift, part of the ModelScope ecosystem for AI model handling, underscoring risks in testing scripts for ML workflows where configuration files may be sourced externally. No public evidence of real-world exploitation has been reported as of the CVE publication on 2025-08-01.
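
To find call sites of the kind the advisory describes, the following added example (not code from ms-swift, PyYAML or the advisory) scans Python source for yaml.load() calls that lack a safe Loader, using only the standard library. The sample source and its variable names are constructed for illustration.

```python
import ast

# Loaders that only build plain YAML types (no Python object construction).
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}

def _trailing_name(node):
    """yaml.SafeLoader -> 'SafeLoader'; SafeLoader -> 'SafeLoader'; else None."""
    if isinstance(node, ast.Attribute):
        return node.attr
    return node.id if isinstance(node, ast.Name) else None

def find_unsafe_yaml_load(source):
    """Return sorted (line, reason) pairs for risky PyYAML calls in `source`.

    Scope: calls written as yaml.<func>(...); aliased imports are not tracked.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        target = node.func.value
        if not (isinstance(target, ast.Name) and target.id == "yaml"):
            continue
        name = node.func.attr
        if name in ("unsafe_load", "unsafe_load_all"):
            findings.append((node.lineno, f"yaml.{name}() constructs arbitrary objects"))
        elif name in ("load", "load_all"):
            loader = next((k.value for k in node.keywords if k.arg == "Loader"), None)
            if loader is None and len(node.args) > 1:
                loader = node.args[1]  # Loader passed positionally
            if loader is None:
                findings.append((node.lineno, f"yaml.{name}() without Loader"))
            elif _trailing_name(loader) not in SAFE_LOADERS:
                findings.append((node.lineno, f"yaml.{name}() with non-safe Loader"))
    return sorted(findings)

# Constructed sample source (hypothetical names, not ms-swift code).
SAMPLE = '''\
import yaml
cfg_a = yaml.load(open("a.yaml"))
cfg_b = yaml.load(open("b.yaml"), Loader=yaml.FullLoader)
cfg_c = yaml.load(open("c.yaml"), Loader=yaml.SafeLoader)
cfg_d = yaml.safe_load(open("d.yaml"))
'''

if __name__ == "__main__":
    for line, reason in find_unsafe_yaml_load(SAMPLE):
        print(f"line {line}: {reason}")
```

Loaders other than the safe ones are flagged as well, since the recommended fix is yaml.safe_load().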

Details

CWE(s)

CVEs Like This One

CVE-2025-62373 (shared CWE-502)
CVE-2025-27780 (shared CWE-502)
CVE-2024-9701 (shared CWE-502)
CVE-2026-24186 (shared CWE-502)
CVE-2025-24016 (shared CWE-502)
CVE-2026-26210 (shared CWE-502)
CVE-2025-2000 (shared CWE-502)
CVE-2025-27781 (shared CWE-502)
CVE-2025-23045 (shared CWE-502)
CVE-2026-25632 (shared CWE-502)
