PT-2025-41167 · Unknown · Llama Factory

D3Do-23 +1

Published 2025-10-07 · Updated 2026-03-20

CVE-2025-61784

CVSS v3.1 8.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: LLaMA-Factory versions prior to 0.9.4
Description: LLaMA-Factory, a tuning library for large language models, contains a Server-Side Request Forgery (SSRF) issue in the chat API. Authenticated users can make the server send arbitrary HTTP requests to internal and external networks, potentially exposing sensitive internal services, enabling network reconnaissance, or interacting with third-party services. A Local File Inclusion (LFI) issue also exists, allowing the same users to read arbitrary files from the server's filesystem. The issue resides in the process request function in src/llamafactory/api/chat.py. This function processes multimodal content referenced by URL: if the value is a base64 data URI it is decoded inline; if it names an existing local file, that file is read directly (the LFI); otherwise the function issues an HTTP GET with requests.get(url, stream=True).raw without validating or sanitizing the URL (the SSRF). Because the request originates from the server, the attacker reaches whatever the server's own network position can reach, including services bound to loopback or reachable only from the internal network.
Recommendations: Update LLaMA-Factory to version 0.9.4 or later. Until the update is applied, limiting chat API access to trusted accounts and egress-filtering the host reduce, but do not remove, the exposure.
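The following is an added example, not LLaMA-Factory's source and not its 0.9.4 fix. It reproduces the shape of the unvalidated three-way branch the description above refers to (data URI, local file, otherwise remote GET) as `classify_multimodal_url_vulnerable`, and places a hardened dispatcher beside it that rejects non-http(s) schemes, hosts resolving to any non-public address, and local paths outside an allow-listed directory. All function names, the injectable `resolve` hook, the `FAKE_DNS` table and the sample URLs are assumptions made for the example; it never performs a real fetch.

```python
"""Added example, not LLaMA-Factory code: the unvalidated three-way branch the
advisory describes, and a hardened dispatcher beside it. Function names, the
injectable `resolve` hook, the fake DNS table and all sample URLs are assumptions."""
import base64
import ipaddress
import os
import socket
from typing import Callable
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
MAX_INLINE_BYTES = 10 * 1024 * 1024

def classify_multimodal_url_vulnerable(url: str) -> str:
    """Which branch the unvalidated logic takes: only a prefix test and isfile() decide."""
    if url.startswith("data:"):
        return "base64"        # decoded inline, never fetched
    if os.path.isfile(url):
        return "local-file"    # any readable file on the server is opened -> LFI
    return "remote-get"        # requests.get(url, stream=True).raw -> SSRF

class UnsafeURL(ValueError):
    """Raised by the hardened checks below."""

def _default_resolve(host: str) -> list[str]:
    """Every A/AAAA address for host; all of them must pass the public-IP check."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def _is_public_ip(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped    # judge ::ffff:127.0.0.1 as 127.0.0.1
    # is_global is False for RFC 1918, loopback, link-local (169.254.169.254 included),
    # CGNAT, unspecified and reserved ranges; multicast is excluded explicitly
    return ip.is_global and not ip.is_multicast

def validate_remote_url(url: str, resolve: Callable[[str], list[str]] = _default_resolve) -> str:
    """Allow only http(s) URLs whose host resolves exclusively to public addresses."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise UnsafeURL("credentials in URL")
    host = parts.hostname
    if not host:
        raise UnsafeURL("no host")
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal IP (brackets already stripped)
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError as exc:
            raise UnsafeURL(f"cannot resolve {host!r}") from exc
    if not addrs or not all(_is_public_ip(a) for a in addrs):
        raise UnsafeURL(f"{host!r} resolves to a non-public address")
    return url

def validate_local_path(path: str, allowed_root: str) -> str:
    """Resolve symlinks and '..' first, then require the result to stay under allowed_root."""
    root = os.path.realpath(allowed_root)
    real = os.path.realpath(path)
    if os.path.commonpath([root, real]) != root:
        raise UnsafeURL(f"{path!r} escapes {allowed_root!r}")
    return real

def decode_data_uri(url: str) -> bytes:
    """Accept only base64 image data URIs, with strict decoding and a size cap."""
    header, sep, payload = url.partition(",")
    if not sep or not header.startswith("data:image/") or not header.endswith(";base64"):
        raise UnsafeURL("only base64 image data URIs are accepted")
    data = base64.b64decode(payload, validate=True)
    if len(data) > MAX_INLINE_BYTES:
        raise UnsafeURL("inline payload too large")
    return data

def load_multimodal_reference(url: str, allowed_root: str,
                              resolve: Callable[[str], list[str]] = _default_resolve):
    """Hardened replacement for the three-way branch. Returns (kind, value); never fetches."""
    scheme = urlparse(url).scheme.lower()
    if scheme == "data":
        return "inline", decode_data_uri(url)
    if scheme in ALLOWED_SCHEMES:
        return "remote", validate_remote_url(url, resolve)
    if scheme == "":
        return "file", validate_local_path(url, allowed_root)
    raise UnsafeURL(f"unsupported scheme {scheme!r}")   # file://, gopher://, ...

# Constructed DNS answers so the demo runs offline (assumption, not real records).
FAKE_DNS = {
    "internal-dashboard.corp": ["10.0.0.5"],
    "cdn.example.com": ["93.184.216.34"],
    "rebind.example.net": ["93.184.216.34", "127.0.0.1"],  # one bad answer blocks the host
}

def fake_resolve(host: str) -> list[str]:
    if host not in FAKE_DNS:
        raise OSError(f"NXDOMAIN {host}")
    return FAKE_DNS[host]

def run_demo(allowed_root: str = "/srv/llamafactory/uploads") -> dict[str, str]:
    """Constructed inputs an attacker might place in an image URL field."""
    cases = {
        "metadata": "http://169.254.169.254/latest/meta-data/",
        "localhost6": "http://[::1]:8000/",
        "internal-dns": "http://internal-dashboard.corp/admin",
        "mixed-dns": "http://rebind.example.net/",
        "file-scheme": "file:///etc/passwd",
        "traversal": allowed_root + "/../../../etc/passwd",
        "upload": allowed_root + "/img.png",
        "public": "https://cdn.example.com/cat.png",
        "inline": "data:image/png;base64,iVBORw==",
    }
    results = {}
    for label, url in cases.items():
        try:
            load_multimodal_reference(url, allowed_root, resolve=fake_resolve)
            results[label] = "allowed"
        except UnsafeURL:
            results[label] = "blocked"
    return results

if __name__ == "__main__":
    for label, verdict in run_demo().items():
        print(f"{label:12} {verdict}")
```

Two gaps remain even with these checks and are worth closing in a real deployment: `requests.get` follows redirects by default, so an allowed public host can answer with a 302 to an internal address, and a hostname can change its DNS answer between the check and the fetch (rebinding). Disabling redirects (or re-validating every hop) and connecting to the address that was actually checked, or routing all fetches through an egress proxy that enforces the same policy, address both.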

Exploit · Fix · Path traversal · SSRF

Weakness Enumeration

Related Identifiers

BDU:2025-13229
CVE-2025-61784
GHSA-527M-2XHR-J27G

Affected Products

Llama Factory