CVE-2025-10164 | lmsys sglang 0.4.6 update_weights_from_tensor main serialized_named_tensors deserialization

Inserito da Angelo Barbosa | Set 9, 2025 | CVE

A vulnerability described as critical has been identified in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization.

This vulnerability is reported as CVE-2025-10164. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10164 | lmsys sglang 0.4.6 update_weights_from_tensor main serialized_named_tensors deserialization

Post correlati

CVE-2024-13016 | PHPGurukul Maid Hiring Management System 1.0 /admin/edit-category.php editid sql injection

CVE-2025-4277 | Insyde H2O up to 05.71.20 Tcg2Smm input validation

CVE-2024-8648 | GitLab Community Edition/Enterprise Edition up to 17.3.6/17.4.3/17.5.1 Analytics Dashboard cross site scripting (Issue 486220)

CVE-2024-8917 | AnWP Football Leagues Plugin up to 0.16.7 on WordPress SVG File Upload cross site scripting