CVE-2025-67729 – lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

CVE ID : CVE-2025-67729

Published : Dec. 26, 2025, 9:54 p.m. | 28 minutes ago

Description : LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load() is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim’s machine when they load a malicious .bin or .pt model file. This issue has been patched in version 0.11.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…