CVE-2025-5173

5.3 MEDIUM

📋 TL;DR

This vulnerability in HumanSignal label-studio-ml-backend allows local attackers to execute arbitrary code through unsafe deserialization in the PT file handler. The issue affects users running vulnerable versions of the ML backend component. Attackers must have local access to the system to exploit this flaw.

💻 Affected Systems

Products:
  • HumanSignal label-studio-ml-backend
Versions: Up to commit 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf
Operating Systems: All platforms running Python
Default Config Vulnerable: ⚠️ Yes
Notes: This product uses rolling releases, so specific version numbers are not available. The vulnerability exists in the neural_nets.py file's load function.

⚠️ Risk & Real-World Impact

  • 🔴 Worst Case: Local privilege escalation leading to full system compromise and data exfiltration
  • 🟠 Likely Case: Local user gains unauthorized code execution within the application context
  • 🟢 If Mitigated: Attack contained to isolated environment with minimal impact

🌐 Internet-Facing: LOW - Requires local access for exploitation
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this vulnerability

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of the vulnerable function. The vulnerability involves unsafe deserialization of PT files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf

Vendor Advisory: https://github.com/HumanSignal/label-studio-ml-backend/issues/765

Restart Required: Yes

Instructions:

1. Update to the latest version of label-studio-ml-backend.
2. Verify the fix by checking that commit 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf is not in your version history.
3. Restart the ML backend service.

🔧 Temporary Workarounds

  • Restrict local access (all platforms): Limit local user access to systems running vulnerable versions
  • Disable vulnerable component (all platforms): Disable or restrict usage of the PT file handler if not required

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Monitor for suspicious file operations involving PT files in the label-studio-ml-backend directory
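
A pre-load triage check for the PT files mentioned above, as an added example that is not from the advisory or the label-studio-ml-backend project: it lists the globals a file's pickle stream would import, using `pickletools` so nothing is deserialized. It assumes PT files are PyTorch checkpoints (a zip archive holding `.pkl` members, or a bare pickle); the allowlist, the function names and both sample blobs are constructed for illustration.

```python
import collections
import io
import pickle
import pickletools
import zipfile

# Assumed allowlist: globals a plain PyTorch state_dict checkpoint references.
ALLOWED = {("collections", "OrderedDict"), ("torch", "FloatStorage"),
           ("torch._utils", "_rebuild_tensor_v2")}
STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
PUT_OPS = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}


def referenced_globals(data):
    """List the (module, name) pairs a pickle stream imports, without unpickling it."""
    found, stream = [], io.BytesIO(data)
    try:
        while stream.tell() < len(data):  # a file may hold several pickles back to back
            prev, memo = [None, None], {}
            for op, arg, _pos in pickletools.genops(stream):
                if op.name in PUT_OPS:  # memo writes leave the stack unchanged
                    memo[len(memo) if op.name == "MEMOIZE" else arg] = prev[-1]
                    continue
                if op.name in ("GLOBAL", "INST"):
                    found.append(tuple(arg.split(" ", 1)))
                elif op.name == "STACK_GLOBAL":
                    # Names that are not plain string pushes stay unresolved.
                    found.append(tuple(prev) if all(prev) else ("?", "?"))
                top = arg if op.name in STRING_OPS else None
                prev = [prev[-1], memo.get(arg) if op.name in GET_OPS else top]
    except Exception:
        found.append(("?", "?"))  # fail closed on bytes that do not parse as pickle
    return found


def disallowed_globals(blob):
    """Scan a PT file: a zip archive with *.pkl members, or a bare pickle."""
    streams = [blob]
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    return sorted({g for s in streams for g in referenced_globals(s)} - ALLOWED)


# Constructed samples, not real checkpoints; each only names a global.
SAMPLE_OK = pickle.dumps(collections.OrderedDict(w=[0.1, 0.2]))
SAMPLE_FLAGGED = pickle.dumps(print)  # references builtins.print
```

An empty result means every import is on the allowlist; `("?", "?")` marks a name or byte range the scanner could not resolve, which includes the raw tensor data that follows the pickles in legacy non-zip files, so those need manual review.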

🔍 How to Verify

Check if Vulnerable:

Check whether your label-studio-ml-backend checkout is at commit 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf or earlier

Check Version:

git log --oneline | head -20

Verify Fix Applied:

Verify your version is newer than commit 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf

📡 Detection & Monitoring

Log Indicators:

  • Unusual file operations in label-studio-ml-backend directory
  • Errors related to PT file deserialization

Network Indicators:

  • Local connections to ML backend service from unexpected sources

SIEM Query:

Process execution from label-studio-ml-backend with unusual arguments or file paths
