PT-2025-52378 · Hugging Face · Hugging Face Transformers Perceiver Model

The_Kernel_Panic

Publicado

2025-12-18

Atualizado

2026-01-21

CVE-2025-14920

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Hugging Face Transformers Perceiver Model (affected versions not specified)

Description A flaw exists in the parsing of model files within Hugging Face Transformers Perceiver Model, stemming from insufficient validation of user-supplied data. This can lead to the deserialization of untrusted data, potentially allowing a remote attacker to execute code in the context of the current user. User interaction is required, as the target must visit a malicious page or open a malicious file to trigger the issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502

Identificadores relacionados

CVE-2025-14920

PYSEC-2025-211

ZDI-25-1150

Produtos afetados

Hugging Face Transformers Perceiver Model

PT-2025-52378 · Hugging Face · Hugging Face Transformers Perceiver Model

CVE-2025-14920

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7