PT-2025-44565 · Unknown · Oobabooga Text-Generation-Webui

Published: 2025-10-30 · Updated: 2025-11-10 · CVE-2025-12487

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

oobabooga text-generation-webui version 2.5

Description

The software contains a remote code execution issue stemming from reliance on untrusted inputs. This allows attackers to execute arbitrary code on affected systems without authentication. The issue is related to the trust remote code parameter within the join endpoint. Insufficient validation of user-supplied arguments before loading a model enables an attacker to execute code in the context of the service account.

Recommendations

Restrict access to the join endpoint. Disable the trust remote code parameter.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-12487
ZDI-25-982

Affected Products

Oobabooga Text-Generation-Webui