PT-2025-31646 · Modelscope · Ms-Swift

Hao Fan +1 · Published 2025-08-01 · Updated 2025-08-01 · CVE-2025-50472

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
modelscope/ms-swift versions through 2.6.1

Description
The modelscope/ms-swift library is susceptible to arbitrary code execution through the deserialization of untrusted data. This occurs within the load_model_meta() function of the ModelFileSystemCache() class, which calls pickle.load() on data originating from potentially untrusted sources. Attackers can exploit this by crafting a malicious serialized .mdl payload, leading to remote code execution (RCE). The malicious payload is a hidden file, making detection difficult. The normal training process remains unaffected after the execution of arbitrary code.

Recommendations
versions prior to 2.7
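
The description above says the payload is a hidden .mdl file that pickle.load() later executes. The following is an added example, not code from ms-swift or from the advisory: a defender-side check that walks a cache directory (dotfiles included) and disassembles each .mdl file with pickletools, without ever unpickling it. The directory layout, file names and the expectation that a legitimate meta file holds only plain containers are assumptions.

```python
import os
import pickle
import pickletools
import tempfile
from collections import OrderedDict

# Opcodes that import a callable or invoke one while a pickle is loaded.
RISKY_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "REDUCE",
                 "NEWOBJ", "NEWOBJ_EX", "BUILD"}

def risky_opcodes(data: bytes) -> list:
    """Disassemble a pickle stream without executing it; return flagged opcode names."""
    found = []
    try:
        for opcode, _arg, _pos in pickletools.genops(data):
            if opcode.name in RISKY_OPCODES:
                found.append(opcode.name)
    except Exception:
        # Truncated or non-pickle content is also worth a manual look.
        found.append("UNPARSEABLE")
    return found

def scan_cache_dir(root: str) -> dict:
    """Walk root (os.walk does not skip hidden files) and report flagged .mdl files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".mdl"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    hits = risky_opcodes(fh.read())
                if hits:
                    report[path] = hits
    return report

def demo() -> dict:
    """Constructed sample: a data-only meta file and a hidden file that references a class."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "meta.mdl"), "wb") as fh:  # hypothetical file name
        pickle.dump({"model_id": "example/model", "files": ["config.json"]}, fh)
    with open(os.path.join(root, ".hidden.mdl"), "wb") as fh:  # hypothetical file name
        pickle.dump(OrderedDict(a=1), fh)  # benign, but loading it needs an import and a call
    return {os.path.basename(p): ops for p, ops in scan_cache_dir(root).items()}

if __name__ == "__main__":
    print(demo())
```

A clean result only means no import or call opcodes were found; it does not make pickle.load() on untrusted files safe.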

Exploit · Fix · RCE · Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers: CVE-2025-50472

Affected Products: Ms-Swift