CVE-2025-3162

Source
https://cve.org/CVERecord?id=CVE-2025-3162
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3162.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-3162
Aliases
Published
2025-04-03T15:15:53.277Z
Modified
2026-04-02T12:47:01.150046Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/internlm/lmdeploy

Affected ranges

Type
GIT
Repo
https://github.com/internlm/lmdeploy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.7.1"
        }
    ]
}

Affected versions

0.*
0.6.5
v0.*
v0.0.10
v0.0.11
v0.0.12
v0.0.13
v0.0.14
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.1.0a0
v0.1.0a1
v0.1.0a2
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.5.1
v0.5.2
v0.5.2.post1
v0.5.3
v0.6.0
v0.6.0a0
v0.6.1
v0.6.2
v0.6.2.post1
v0.6.3
v0.6.4
v0.7.0
v0.7.0.post1
v0.7.0.post2
v0.7.0.post3
v0.7.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3162.json"