Vulnerability Description
The modelscope/ms-swift library through 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` function of the `ModelFileSystemCache()` class. The function calls `pickle.load()` on data from potentially untrusted sources, so an attacker who crafts a malicious serialized `.mdl` payload can execute arbitrary code and commands. This allows remote code execution (RCE): a victim who is deceived into loading a seemingly harmless checkpoint during a normal training process runs the attacker's code on the targeted machine. Note that the payload file is a hidden file, making it difficult for the victim to detect tampering. More importantly, after the `.mdl` file is loaded and executes arbitrary code, the normal training process remains unaffected, meaning the user remains unaware of the arbitrary code execution.
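A defensive check for the hidden `.mdl` file described above, as an added example that is not code from ms-swift or from the advisory: it disassembles the pickle stream with `pickletools` without ever loading it and reports opcodes that import or call objects. It assumes the metadata file is named `.mdl` on disk and that a legitimate one holds only plain values; the sample files are constructed and benign.

```python
import collections
import os
import pickle
import pickletools
import tempfile

# Opcodes that import a named object or call one while unpickling. A metadata
# file holding only plain values (assumed here for a legitimate .mdl) needs none.
RISKY = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
         "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4"}

def audit_pickle_bytes(data):
    """Disassemble a pickle stream (never unpickle it) and list risky opcodes."""
    findings, strings = [], []
    try:
        for op, arg, _pos in pickletools.genops(data):
            if isinstance(arg, str):
                strings.append(arg)
            if op.name == "STACK_GLOBAL":
                # Heuristic: module and name are the two most recent strings.
                arg = " ".join(strings[-2:])
            if op.name in RISKY:
                findings.append((op.name, arg))
    except Exception as exc:  # truncated or malformed stream is itself suspect
        findings.append(("MALFORMED", str(exc)))
    return findings

def scan_checkpoint_dir(root, meta_name=".mdl"):
    """Audit every file called meta_name under root, hidden files included."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if meta_name in files:
            path = os.path.join(dirpath, meta_name)
            with open(path, "rb") as fh:
                report[path] = audit_pickle_bytes(fh.read())
    return report

def demo():
    """Constructed samples: a plain-data .mdl and one that references a class."""
    samples = {"plain": {"model_id": "demo/model", "revision": "v1"},
               "with_global": collections.OrderedDict(model_id="demo/model")}
    with tempfile.TemporaryDirectory() as root:
        for name, obj in samples.items():
            os.makedirs(os.path.join(root, name))
            with open(os.path.join(root, name, ".mdl"), "wb") as fh:
                pickle.dump(obj, fh)
        return {os.path.basename(os.path.dirname(p)): f
                for p, f in scan_checkpoint_dir(root).items()}

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "no import/call opcodes")
```

Any finding in a checkpoint's `.mdl` is a reason to quarantine the checkpoint before a training job touches it; an empty result only means the stream contains no import or call opcodes.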
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://github.com/modelscope/ms-swift/blob/ab38bff0387a86fd9f068246c326ee7b0d5e
- https://github.com/xhjy2020/CVE-2025-50472
FAQ
What is CVE-2025-50472?
CVE-2025-50472 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The modelscope/ms-swift library through 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` function of the `ModelFileSystemCache()` c...
How severe is CVE-2025-50472?
CVE-2025-50472 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-50472?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.