PT-2025-16292 · Unknown · Xorbits Inference

Ybdesire

Published

2025-04-15

Updated

2025-04-16

CVE-2025-3622

CVSS v2.0

5.2

Medium

Vector

AV:A/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Xorbits Inference versions up to 1.4.1

Description A critical vulnerability has been found in Xorbits Inference, affecting the function load of the file xinference/thirdparty/cosyvoice/cli/model.py. The manipulation leads to deserialization.

Recommendations For Xorbits Inference versions up to 1.4.1, consider disabling the function load of the file xinference/thirdparty/cosyvoice/cli/model.py as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Deserialization of Untrusted Data

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502CWE-20

Related Identifiers

CVE-2025-3622

Affected Products

Xorbits Inference

PT-2025-16292 · Unknown · Xorbits Inference

CVE-2025-3622

Weakness Enumeration

Related Identifiers

Affected Products

References · 13