216.73.217.24

CVE-2025-5148

· Published 25/05/2025 12:15 · Modified 25/05/2025 12:15

Labels: CVE-2025-5148 2025-05-25CVE-2025-5148CWE-20[email protected]

Essential information

Published
25/05/2025 12:15
Modified
25/05/2025 12:15
Author
Creator
CVSS
4.8 MEDIUM (v3) 4.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. An attack has to be approached locally. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 784cbf8dde2cf1456ff808aeba23177e1810e7a9. It is recommended to apply a patch to fix this issue.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
funaudiollm / inspiremusic cpe:2.3:a:funaudiollm:inspiremusic:*:*:*:*:*:*:*:*

References