CVE-2025-14925

Name of the Vulnerable Software and Affected Versions Hugging Face Accelerate (affected versions not specified)

Description A flaw exists in Hugging Face Accelerate that allows remote attackers to execute arbitrary code on affected systems. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. The issue stems from insufficient validation of user-supplied data during the parsing of checkpoints, leading to the deserialization of untrusted data. An attacker can exploit this to execute code within the current process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.