{"id":"CVE-2025-45146","details":"ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data.","modified":"2026-03-14T08:45:33.221267Z","published":"2025-08-11T16:15:30.200Z","references":[{"type":"WEB","url":"https://github.com/codefuse-ai/ModelCache/blob/e053e0d57b532d4ad9378d2f31bb85a009b77d64/modelcache/manager/data_manager.py#L84C1-L84C43"},{"type":"WEB","url":"https://github.com/codefuse-ai/ModelCache/blob/e053e0d57b532d4ad9378d2f31bb85a009b77d64/modelcache/manager/factory.py#L18C1-L18C71"},{"type":"ARTICLE","url":"https://pytorch.org/docs/stable/generated/torch.load.html"},{"type":"EVIDENCE","url":"https://github.com/EDMPL/Vulnerability-Research/blob/main/CVE-2025-45146/README.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/codefuse-ai/ModelCache","events":[{"introduced":"0"},{"last_affected":"e6cfcb8352dadc972e492f9a50a0bbc8ee69cc2f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.2.0"}]}}],"versions":["release-v0.1.2","release-v0.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-45146.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}