Description

The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` function of the `ModelFileSystemCache()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized `.mdl` payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine. Note that the payload file is a hidden file, making it difficult for the victim to detect tampering. More importantly, during the model training process, after the `.mdl` file is loaded and executes arbitrary code, the normal training process remains unaffected'meaning the user remains unaware of the arbitrary code execution.

INFO

Published Date :

2025-08-01T00:00:00.000Z

Last Modified :

2025-08-01T17:17:49.928Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-50472 vulnerability.

Vendors Products
Modelscope
  • Ms Swift
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-50472.

URL Resource
https://github.com/modelscope/ms-swift/blob/ab38bff0387a86fd9f068246c326ee7b0d5ed139/swift/hub/utils/caching.py#L141 cve-icon cve-icon
https://github.com/xhjy2020/CVE-2025-50472 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact