PT-2025-21600 · Xu Yijie · Grpo-Flat

Ybdesire · Published 2025-05-16 · Updated 2025-05-16 · CVE-2025-4742

CVSS v2.0: 4.3 (Medium)
Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856
Description: A vulnerability has been found in the function main of the file grpo vanilla.py. The manipulation leads to deserialization. Local access is required to carry out this attack. The product uses continuous delivery with rolling releases, so no version details of affected or updated releases are available.
Recommendations: For XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856, as a temporary workaround, consider restricting access to the main function in the grpo vanilla.py file until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Deserialization of Untrusted Data

RCE

Weakness Enumeration

Related Identifiers: CVE-2025-4742

Affected Products: Grpo-Flat