CVE-2025-67729: lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

December 26, 2025 (updated December 27, 2025)

An insecure deserialization vulnerability exists in lmdeploy where torch.load() is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim’s machine when they load a malicious .bin or .pt model file.

CWE: CWE-502 - Deserialization of Untrusted Data

References

github.com/InternLM/lmdeploy
github.com/InternLM/lmdeploy/commit/eb04b4281c5784a5cff5ea639c8f96b33b3ae5ee
github.com/InternLM/lmdeploy/security/advisories/GHSA-9pf3-7rrr-x5jh
github.com/advisories/GHSA-9pf3-7rrr-x5jh
nvd.nist.gov/vuln/detail/CVE-2025-67729

Code Behaviors & Features

Detect and mitigate CVE-2025-67729 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →