Vulnerability Description
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Internlm | Lmdeploy | <= 0.7.1 |
Related Weaknesses (CWE)
References
- https://github.com/InternLM/lmdeploy/issues/3254 (Exploit, Issue Tracking, Third Party Advisory)
- https://github.com/InternLM/lmdeploy/issues/3254#issue-2918865448 (Exploit, Issue Tracking, Third Party Advisory)
- https://vuldb.com/?ctiid.303109 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.303109 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.542527 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2025-3163?
CVE-2025-3163 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation...
How severe is CVE-2025-3163?
CVE-2025-3163 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-3163?
Check the references section above for vendor advisories and patch information. Affected products include: Internlm Lmdeploy.