CVE-2025-50461

Name of the Vulnerable Software and Affected Versions: Volcengine versions 3.0.0

Description: A deserialization vulnerability exists in Volcengine's scripts/model merger.py script when using the "fsdp" backend. The script calls torch.load() with weights only=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted model file is loaded. An attacker can exploit this by convincing a victim to download and place a malicious model file in a local directory with a specific filename pattern. This vulnerability may lead to arbitrary code execution with the privileges of the user running the script.

Recommendations: Volcengine version 3.0.0: Avoid using the "fsdp" backend with user-supplied .pt files. As a temporary workaround, consider restricting access to the scripts/model merger.py script to minimize the risk of exploitation.