CVE-2025-53002 | hiyouga LLaMA-Factory up to 0.9.3 vhead_file path code injection (GHSA-xj56-p8mm-qmxj)

A vulnerability was found in hiyouga LLaMA-Factory up to 0.9.3. It has been declared as critical. Affected by this vulnerability is the function vhead_file. The manipulation of the argument path leads to code injection.

This vulnerability is known as CVE-2025-53002. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More