CVE-2025-53630

Summary

llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579.

Affected Software

VendorProductVersion RangeStatus
ggml-orgllama.cpp< 26a48ad699d50b6268900062661bd22f3e792579affected

Weaknesses

  • CWE-122: CWE-122: Heap-based Buffer Overflow
  • CWE-680: CWE-680: Integer Overflow to Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References