PT-2025-14771 · Unknown · Internlm Lmdeploy

Ybdesire · Published 2025-04-03 · Updated 2025-04-23 · CVE-2025-3163

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

InternLM LMDeploy versions up to 0.7.1

Description

A critical vulnerability was found in InternLM LMDeploy, affecting the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection, and it is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Recommendations

For InternLM LMDeploy versions up to 0.7.1, consider disabling the Open function of the file lmdeploy/docs/en/conf.py to prevent code injection until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2025-3163
GHSA-JFVG-QM4P-473X

Affected Products

Internlm Lmdeploy