CVE-2025-10965
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code through insecure deserialization in LazyAGI LazyLLM's lazyllm_call function. Attackers can exploit this to gain unauthorized access and control over affected systems. All users running LazyLLM versions up to 0.6.1 are affected.
💻 Affected Systems
- LazyAGI LazyLLM
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.
Likely Case
Unauthorized access to the LazyLLM system allowing manipulation of AI models, data exfiltration, and potential privilege escalation.
If Mitigated
Limited impact if proper network segmentation and input validation are in place, potentially only affecting the LazyLLM service.
🎯 Exploit Status
Exploit has been publicly disclosed and requires minimal technical skill to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.6.2 or later
Vendor Advisory: https://github.com/LazyAGI/LazyLLM/issues/764
Restart Required: Yes
Instructions:
1. Update LazyLLM to version 0.6.2 or later using pip: pip install --upgrade lazyllm 2. Restart all LazyLLM services 3. Verify the update was successful
🔧 Temporary Workarounds
Network Isolation
linuxRestrict network access to LazyLLM services to trusted IPs only
iptables -A INPUT -p tcp --dport [LAZYLLM_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [LAZYLLM_PORT] -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation to isolate LazyLLM instances
- Deploy web application firewall with deserialization attack detection rules
🔍 How to Verify
Check if Vulnerable:
Check LazyLLM version: python -c "import lazyllm; print(lazyllm.__version__)" and verify if it's ≤0.6.1Check Version:
python -c "import lazyllm; print(lazyllm.__version__)"Verify Fix Applied:
After update, verify version is ≥0.6.2 and test the lazyllm_call function with safe input📡 Detection & Monitoring
Log Indicators:
- Unusual deserialization errors in LazyLLM logs
- Unexpected process spawns from LazyLLM service
- Abnormal network connections from LazyLLM host
Network Indicators:
- Malformed serialized objects sent to LazyLLM endpoints
- Unexpected outbound connections from LazyLLM server
SIEM Query:
source="lazyllm.logs" AND ("deserialization" OR "pickle" OR "marshal") AND severity=ERROR