PT-2025-22859 · Unknown · Funaudiollm Inspiremusic
Ybdesire
·
Published
2025-05-25
·
Updated
2025-05-25
·
CVE-2025-5148
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd
Description
A critical issue was found in the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. This issue leads to deserialization and can be exploited locally.
Recommendations
Apply the patch 784cbf8dde2cf1456ff808aeba23177e1810e7a9 to fix this issue. As a temporary workaround, consider disabling the load_state_dict function until the patch is applied.
Fix
RCE
Deserialization of Untrusted Data
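The weakness class named above, shown as an added example that is not InspireMusic code and not the content of the referenced patch: a plain pickle load runs whatever callable the file names, while an allow-list unpickler refuses it. The checkpoint layout (a mapping of parameter names to lists of floats) and all function and class names are assumptions made for this sketch, and the sample data is constructed.

```python
import collections
import io
import pickle

# Assumption: a checkpoint is a plain mapping of parameter names to lists
# of floats, so OrderedDict is the only global that must be resolvable.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowListUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not explicitly allow-listed."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global: {module}.{name}")


def naive_load(data):
    """Unrestricted load: any callable referenced by the stream is invoked."""
    return pickle.loads(data)


def safe_load(data):
    """Allow-list load; returns ("loaded", obj) or ("rejected", reason)."""
    try:
        return ("loaded", AllowListUnpickler(io.BytesIO(data)).load())
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


class _CallsOnLoad:
    """Constructed stand-in for a tampered checkpoint entry.

    The callable is the harmless builtin abs(); the point is only that
    the loader, not the caller, decides that it runs.
    """

    def __reduce__(self):
        return (abs, (-1,))


def build_samples():
    """Return (clean, tampered) checkpoint bytes, both constructed here."""
    clean = pickle.dumps(collections.OrderedDict(layer=[0.1, 0.2]))
    tampered = pickle.dumps({"layer": _CallsOnLoad()})
    return clean, tampered
```

For PyTorch checkpoints specifically, `torch.load(..., weights_only=True)` applies the same allow-list idea to tensor types.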
Related identifiers
Affected products
Funaudiollm Inspiremusic