CVE-2025-3162

Severity CVSS v4.0:
MEDIUM
Type:
CWE-20 Input Validation
Publication date:
03/04/2025
Last modified:
23/04/2025

Description

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:internlm:lmdeploy:*:*:*:*:*:*:*:* 0.7.1 (including)