CVE-2025-3622
📋 TL;DR
A critical deserialization vulnerability in Xorbits Inference allows attackers to execute arbitrary code by manipulating the load function in the cosyvoice model component. This affects all users running Xorbits Inference versions up to 1.4.1. Successful exploitation could lead to complete system compromise.
💻 Affected Systems
- Xorbits Inference
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to full system compromise, data theft, and lateral movement within the network.
Likely Case
Arbitrary code execution with the privileges of the Xorbits Inference service account, potentially leading to data exfiltration or service disruption.
If Mitigated
Limited impact due to network segmentation, minimal service privileges, and input validation controls.
🎯 Exploit Status
Deserialization vulnerabilities typically require crafting malicious payloads but can be exploited without authentication if the vulnerable endpoint is exposed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.2 or later
Vendor Advisory: https://github.com/xorbitsai/inference/issues/3190
Restart Required: Yes
Instructions:
1. Update Xorbits Inference to version 1.4.2 or later using pip: 'pip install --upgrade "xinference>=1.4.2"' (the double quotes stop the shell from treating '>=' as an output redirection).
2. Restart all Xorbits Inference services.
3. Verify the update with 'pip show xinference'.
🔧 Temporary Workarounds
Disable cosyvoice model loading
Temporarily disable or restrict access to the vulnerable cosyvoice model loading functionality.
# Modify configuration to disable cosyvoice model endpoints or restrict network access
Network segmentation
Restrict network access to Xorbits Inference services to trusted sources only.
# Use firewall rules to limit inbound connections to Xorbits Inference ports
🧯 If You Can't Patch
- Implement strict network access controls to limit exposure of Xorbits Inference services.
- Run Xorbits Inference with minimal privileges and in isolated environments (containers/VMs).
🔍 How to Verify
Check if Vulnerable:
Check the installed Xorbits Inference version with 'pip show xinference' or 'xinference --version'. If version is 1.4.1 or earlier, the system is vulnerable.
Check Version:
pip show xinference | grep Version
Verify Fix Applied:
After updating, verify the version is 1.4.2 or later using 'pip show xinference' and test that cosyvoice model loading functions normally without errors.
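As an added example (not part of the advisory and not code from the Xorbits project), the following Python check automates the version test described above: it reads the 'Version:' field from 'pip show xinference' output and compares it against the 1.4.2 fix release. The version parser is an assumption of this example; it compares only the leading numeric components, so a pre-release such as 1.4.2rc1 is treated as its base version 1.4.2.

```python
"""Check whether an installed Xorbits Inference (xinference) package falls in the
range the advisory calls vulnerable (1.4.1 or earlier; first fixed release 1.4.2)."""
import re
import subprocess
import sys

FIXED_VERSION = (1, 4, 2)  # first fixed release named in the advisory


def parse_version(text):
    """Turn '1.4.1', '1.4.1.post1' or '1.5.0rc1' into a comparable tuple of ints.
    Only the leading numeric components are used; suffixes such as 'rc1' or
    '.post1' are dropped (assumption: such builds compare by their base version)."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break                      # e.g. 'post1': no numeric prefix, stop here
        parts.append(int(m.group()))
        if m.end() != len(piece):
            break                      # e.g. '0rc1': keep the digits, stop after them
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    while len(parts) < 3:
        parts.append(0)                # '1.4' compares as 1.4.0
    return tuple(parts[:3])


def version_from_pip_show(output):
    """Extract the 'Version:' field from `pip show xinference` output, or None."""
    for line in output.splitlines():
        if line.startswith("Version:"):
            return line.split(":", 1)[1].strip()
    return None


def is_vulnerable(version_text):
    """True when the installed version is below the first fixed release (1.4.2)."""
    return parse_version(version_text) < FIXED_VERSION


def check_host():
    """Run `pip show xinference` in this interpreter and classify the result."""
    try:
        proc = subprocess.run([sys.executable, "-m", "pip", "show", "xinference"],
                              capture_output=True, text=True, check=False)
    except OSError as exc:
        return f"could not run pip: {exc}"
    version = version_from_pip_show(proc.stdout)
    if proc.returncode != 0 or version is None:
        return "xinference is not installed in this interpreter"
    state = "VULNERABLE (update to 1.4.2 or later)" if is_vulnerable(version) else "patched"
    return f"xinference {version}: {state}"


if __name__ == "__main__":
    print(check_host())
```

Run it with the same interpreter that hosts the xinference service; a package installed in a different virtual environment will be reported as not installed rather than as patched.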
📡 Detection & Monitoring
Log Indicators:
- Unusual model loading attempts, errors in deserialization, or unexpected process executions in Xorbits Inference logs.
Network Indicators:
- Suspicious requests to cosyvoice model endpoints, especially with unusual payloads.
SIEM Query:
source="xinference.log" AND ("deserialization error" OR "model.py" OR "cosyvoice")
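As an added example (not from the advisory), here is the same OR logic as the SIEM query above applied offline to log lines, so the rule can be tried before it is loaded into a SIEM. The log lines are constructed for this example and are not real xinference output; note that the 'model.py' term matches any line mentioning that file, so expect noise from it.

```python
"""Apply the advisory's SIEM query terms to xinference log lines offline.
The three terms are OR'ed, as in the query; matching is case-insensitive."""

INDICATORS = ("deserialization error", "model.py", "cosyvoice")

# Constructed sample log lines for this example (not real xinference output).
SAMPLE_LOG = """\
2025-04-15 10:01:02 INFO  xinference.core launching model qwen-chat
2025-04-15 10:03:44 INFO  xinference.model loading cosyvoice from /models/cosy
2025-04-15 10:03:45 ERROR xinference.model deserialization error in model.py line 88
2025-04-15 10:05:10 INFO  xinference.core health check ok
"""


def match_line(line):
    """Return the indicator terms present in `line` (empty tuple if none)."""
    lowered = line.lower()
    return tuple(term for term in INDICATORS if term in lowered)


def scan_log(text):
    """Return (line_number, line, matched_terms) for every line hitting the query."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        terms = match_line(line)
        if terms:
            hits.append((number, line, terms))
    return hits


if __name__ == "__main__":
    for number, line, terms in scan_log(SAMPLE_LOG):
        print(f"line {number} [{', '.join(terms)}]: {line}")
```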