CVE-2025-53002

Name of the Vulnerable Software and Affected Versions: LLaMA-Factory versions up to and including 0.9.3

Description: A remote code execution issue was discovered in LLaMA-Factory during the training process. This issue arises because the vhead file is loaded without proper safeguards, allowing malicious attackers to execute arbitrary malicious code on the host system by passing a malicious Checkpoint path parameter through the "WebUI" interface. The attack is stealthy, as the victim remains unaware of the exploitation. The root cause is that the vhead file argument is loaded without the secure parameter weights only=True.

Recommendations: For versions up to and including 0.9.3, upgrade to version 0.9.4 to patch the issue. As a temporary workaround, consider setting the weights only=True parameter when loading the vhead file argument to prevent exploitation. Restrict access to the WebUI interface to minimize the risk of exploitation until the issue is resolved.