CVE-2025-5173 | HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf PT File neural_nets.py load path deserialization (Issue 765)

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/label_studio_ml/examples/yolo/utils/neural_nets.py of the component PT File Handler. The manipulation of the argument path leads to deserialization.

This vulnerability is known as CVE-2025-5173. An attack has to be approached locally. There is no exploit available.

This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

CVE-2025-5173 | HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf PT File neural_nets.py load path deserialization (Issue 765)

Post correlati

CVE-2025-27624 | Jenkins Sidepanel Widget cross-site request forgery

CVE-2024-4409 | WP-ViperGB Plugin up to 1.6.1 on WordPress cross-site request forgery

CVE-2024-8133 | D-Link DNS-1550-04 up to 20240814 HTTP POST Request /cgi-bin/hd_config.cgi cgi_FMT_R5_SpareDsk_DiskMGR f_source_dev command injection (SAP10383)

CVE-2025-23639 | Nazmul Ahsan MDC YouTube Downloader Plugin up to 3.0.0 on WordPress cross-site request forgery