CVE-2025-3677

Summary

A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function split_files/apply_delta_low_cpu_mem of the file fastchat/model/apply_delta.py. The manipulation leads to deserialization. An attack has to be approached locally.

Affected Software

VendorProductVersion RangeStatus
lm-sysfastchat0.2.0affected
lm-sysfastchat0.2.1affected
lm-sysfastchat0.2.2affected
lm-sysfastchat0.2.3affected
lm-sysfastchat0.2.4affected
lm-sysfastchat0.2.5affected
lm-sysfastchat0.2.6affected
lm-sysfastchat0.2.7affected
lm-sysfastchat0.2.8affected
lm-sysfastchat0.2.9affected
lm-sysfastchat0.2.10affected
lm-sysfastchat0.2.11affected
lm-sysfastchat0.2.12affected
lm-sysfastchat0.2.13affected
lm-sysfastchat0.2.14affected
lm-sysfastchat0.2.15affected
lm-sysfastchat0.2.16affected
lm-sysfastchat0.2.17affected
lm-sysfastchat0.2.18affected
lm-sysfastchat0.2.19affected
lm-sysfastchat0.2.20affected
lm-sysfastchat0.2.21affected
lm-sysfastchat0.2.22affected
lm-sysfastchat0.2.23affected
lm-sysfastchat0.2.24affected
lm-sysfastchat0.2.25affected
lm-sysfastchat0.2.26affected
lm-sysfastchat0.2.27affected
lm-sysfastchat0.2.28affected
lm-sysfastchat0.2.29affected
lm-sysfastchat0.2.30affected
lm-sysfastchat0.2.31affected
lm-sysfastchat0.2.32affected
lm-sysfastchat0.2.33affected
lm-sysfastchat0.2.34affected
lm-sysfastchat0.2.35affected
lm-sysfastchat0.2.36affected

Weaknesses

  • CWE-502: Deserialization
  • CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References