CVE-2025-61784 | hiyouga LLaMA-Factory up to 0.9.3 Chat API chat.py path traversal (GHSA-527m-2xhr-j27g)

A vulnerability marked as critical has been reported in hiyouga LLaMA-Factory up to 0.9.3. Affected by this vulnerability is an unknown functionality of the file src/llamafactory/api/chat.py of the component Chat API. The manipulation leads to path traversal.

This vulnerability is traded as CVE-2025-61784. It is possible to initiate the attack remotely. There is no exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More