CVE-2025-46567

Name of the Vulnerable Software and Affected Versions LLaMA-Factory version prior to 1.0.0

Description LLaMA Factory enables fine-tuning of large language models. A critical issue exists in the llamafy baichuan2.py script, which performs insecure deserialization using torch.load() on user-supplied .bin files from an input directory. An attacker can exploit this behavior by crafting a malicious .bin file that executes arbitrary commands during deserialization.

Recommendations For versions prior to 1.0.0, update to version 1.0.0 to resolve the issue. As a temporary workaround, consider disabling the llamafy baichuan2.py script or restricting access to the input directory to minimize the risk of exploitation. Avoid using the torch.load() function on untrusted .bin files until the issue is resolved.