PT-2025-22859 · Unknown · Funaudiollm Inspiremusic

Ybdesire · Published 2025-05-25 · Updated 2025-05-25 · CVE-2025-5148

CVSS v3.1: 5.3 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd

Description

A critical issue was found in the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. This issue leads to deserialization of untrusted data and can be exploited locally.

Recommendations

Apply the patch 784cbf8dde2cf1456ff808aeba23177e1810e7a9 to fix this issue. As a temporary workaround, consider disabling the load_state_dict function until the patch is applied.

Fix

RCE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2025-5148
GHSA-PGP9-G5Q8-J3WP

Affected Products

Funaudiollm Inspiremusic