PT-2025-21290 · Unknown+1 · Vita-Mllm Freeze-Omni+1

Ybdesire · Published 2025-05-15 · Updated 2025-05-15 · CVE-2025-4701

CVSS v2.0: 4.3 (Medium)
Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: VITA-MLLM Freeze-Omni up to 20250421

Description: A problematic issue has been found affecting the torch.load function in the models/utils.py file. Manipulating the path argument leads to deserialization, allowing an attack to be launched on the local host.

Recommendations: For VITA-MLLM Freeze-Omni up to 20250421, consider disabling the torch.load function as a temporary workaround until a patch is available. Restrict access to the models/utils.py file to minimize the risk of exploitation. Avoid using the path argument in the affected function until the issue is resolved.
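
A pre-load check in the spirit of these recommendations, as an added example that is not code from this advisory or from Freeze-Omni: it lists the globals that the pickle inside a zip-format torch.save checkpoint would import, without unpickling it, and flags any outside an allow-list. The ALLOWED set, the function names and the sample bytes are assumptions constructed for illustration.

```python
import io
import pickletools
import zipfile

# Assumed allow-list: globals a plain state_dict checkpoint references.
ALLOWED = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
    ("torch", "HalfStorage"),
    ("torch", "LongStorage"),
}

def referenced_globals(stream: bytes) -> set:
    """List (module, name) imports in a pickle stream without executing it."""
    found, strings = set(), []
    for op, arg, _pos in pickletools.genops(stream):
        if op.name in ("GLOBAL", "INST"):
            found.add(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            # Operands are the two strings pushed before it; if they cannot
            # be resolved this way, report ("?", "?") so the check fails closed.
            found.add(tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?"))
        elif isinstance(arg, str):
            strings.append(arg)
    return found

def disallowed_globals(blob: bytes) -> set:
    """Return globals outside ALLOWED; non-zip input is rejected outright."""
    buf = io.BytesIO(blob)
    if not zipfile.is_zipfile(buf):
        return {("<not a zip checkpoint>", "")}
    bad = set()
    with zipfile.ZipFile(buf) as zf:
        for name in zf.namelist():
            if name.endswith(".pkl"):
                bad |= referenced_globals(zf.read(name)) - ALLOWED
    return bad

def make_checkpoint(pkl: bytes) -> bytes:
    """Build a constructed in-memory archive shaped like torch.save output."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("archive/data.pkl", pkl)
    return out.getvalue()

# Constructed samples: hand-written opcodes, never unpickled.
BENIGN = make_checkpoint(b"\x80\x02ccollections\nOrderedDict\n)R.")
CRAFTED = make_checkpoint(b"\x80\x04\x8c\x02os\x8c\x06getcwd\x93)R.")
```

Where the installed PyTorch supports it, `torch.load(path, weights_only=True)` applies a comparable restriction at load time.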

Deserialization of Untrusted Data · RCE

Related Identifiers: CVE-2025-4701

Affected Products: Vita-Mllm Freeze-Omni, Torch