PT-2025-22915 · Humansignal · Label-Studio-Ml-Backend

Ybdesire · Published 2025-05-26 · Updated 2025-05-26 · CVE-2025-5173

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

HumanSignal label-studio-ml-backend versions up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf

Description

A vulnerability has been found in the function load of the file label-studio-ml-backend/label_studio_ml/examples/yolo/utils/neural_nets.py of the component PT File Handler. Manipulation of the argument path leads to deserialization. The attack has to be carried out locally. This product takes the approach of rolling releases to provide continuous delivery.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Deserialization of Untrusted Data

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-5173
GHSA-55G9-6C2X-GF8Q

Affected Products

Label-Studio-Ml-Backend