CVE-2025-3163

Source
https://cve.org/CVERecord?id=CVE-2025-3163
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3163.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-3163
Aliases
Published
2025-04-03T15:31:04.865Z
Modified
2026-07-08T08:10:22.150589689Z
Severity
  • 4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
InternLM LMDeploy conf.py open code injection
Details

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/3xxx/CVE-2025-3163.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-74",
        "CWE-94"
    ]
}
References

Affected packages

Git / github.com/internlm/lmdeploy

Affected ranges

Type
GIT
Repo
https://github.com/internlm/lmdeploy
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:internlm:lmdeploy:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.7.0"
        },
        {
            "last_affected": "0.7.0"
        },
        {
            "introduced": "0.7.1"
        },
        {
            "last_affected": "0.7.1"
        },
        {
            "introduced": "0"
        }
    ]
}

Affected versions

0.*
0.7.0
0.7.1
v0.*
v0.7.0
v0.7.0.post1
v0.7.0.post2
v0.7.0.post3
v0.7.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3163.json"