CVE-2025-67729
📋 TL;DR
LMDeploy versions before 0.11.1 have an insecure deserialization vulnerability where torch.load() is called without the weights_only=True parameter when loading model checkpoint files. This allows attackers to execute arbitrary code on systems that load malicious .bin or .pt model files. Anyone using vulnerable LMDeploy versions to load untrusted model files is affected.
💻 Affected Systems
- LMDeploy
📦 What is this software?
LMDeploy by InternLM
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with remote code execution, data theft, and lateral movement within the network.
Likely Case
Arbitrary code execution with the privileges of the LMDeploy process, potentially leading to data exfiltration or system takeover.
If Mitigated
No impact if only trusted model files are loaded from secure sources.
🎯 Exploit Status
Exploitation requires the victim to load a malicious model file, which could be distributed through model repositories or shared files.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.11.1
Vendor Advisory: https://github.com/InternLM/lmdeploy/security/advisories/GHSA-9pf3-7rrr-x5jh
Restart Required: No
Instructions:
1. Update LMDeploy to version 0.11.1 or later using pip: pip install --upgrade lmdeploy==0.11.1
2. Verify the update completed successfully
3. No restart required as this is a library update
🔧 Temporary Workarounds
Use only trusted model sources
Only load model files from trusted, verified sources and avoid downloading models from untrusted repositories.
Validate model files before loading
Implement file validation checks or use digital signatures to verify model file integrity before loading.
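One way to implement the file validation workaround above, as an added example (not LMDeploy's code and not part of the advisory): a static scan that lists the imports a checkpoint's pickle stream requests, without unpickling it, and reports any that fall outside an allowlist. The allowlist, the function names and the sample pickles are assumptions constructed for this example.

```python
import io
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Assumed allowlist for this example: imports a plain tensor state_dict needs.
ALLOWED = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2"),
           ("torch", "FloatStorage"), ("torch", "HalfStorage")}
STR_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}

def requested_imports(stream: bytes):
    """List the (module, name) imports a pickle stream asks for, without running it."""
    found, recent, memo, src = [], [], {}, io.BytesIO(stream)
    for op, arg, _pos in pickletools.genops(src):
        if op.name in ("GLOBAL", "INST"):            # arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
            recent = []
        elif op.name == "STACK_GLOBAL":              # module and name come from the stack
            pair = tuple(recent[-2:])
            ok = len(pair) == 2 and all(isinstance(s, str) for s in pair)
            found.append(pair if ok else ("?", "unresolved"))
            recent = []
        elif op.name in ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"):
            # MEMOIZE carries no index (arg is None) and uses the next free slot.
            memo[len(memo) if arg is None else arg] = recent[-1] if recent else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            recent.append(memo.get(arg))
        elif op.name in STR_OPS:
            recent.append(arg)
        else:
            recent = []                              # stop trusting tracked strings
    if src.read(1):                                  # bytes after STOP were not inspected
        found.append(("?", "trailing-data"))
    return found

def scan_checkpoint(blob: bytes):
    """Return imports outside ALLOWED; an empty list means nothing was flagged."""
    streams = [blob]
    if blob[:4] == b"PK\x03\x04":                    # zip-format checkpoint
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    if not streams:
        return [("?", "no-pickle-stream")]
    return [i for s in streams for i in requested_imports(s) if i not in ALLOWED]

# Constructed samples: a benign dict and a bare, uncalled reference to a global.
BENIGN = pickle.dumps(OrderedDict(weight=[0.1, 0.2]), protocol=4)
FLAGGED = pickle.dumps(print, protocol=4)
```

A non-empty result, or an exception raised on a malformed stream, should block the load. The scan is a pre-screen for untrusted files and does not replace the upgrade to 0.11.1.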
🧯 If You Can't Patch
- Implement strict access controls to model files and only allow loading from trusted, internal repositories.
- Run LMDeploy in a sandboxed environment with minimal privileges to limit potential damage from exploitation.
🔍 How to Verify
Check if Vulnerable:
Check LMDeploy version: python -c "import lmdeploy; print(lmdeploy.__version__)" - if version is less than 0.11.1, system is vulnerable.
Check Version:
python -c "import lmdeploy; print(lmdeploy.__version__)"
Verify Fix Applied:
After updating, verify version is 0.11.1 or higher using the same command.
📡 Detection & Monitoring
Log Indicators:
- Unexpected process execution from LMDeploy context
- Abnormal file system access patterns
- Suspicious network connections originating from LMDeploy processes
Network Indicators:
- Outbound connections to unexpected destinations from LMDeploy hosts
- Data exfiltration patterns
SIEM Query:
Process creation where parent process contains 'lmdeploy' AND (command line contains unusual executables OR destination IP is suspicious)