Description
ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data.
References
github.com/...5a009b77d64/modelcache/manager/data_manager.py
github.com/...31bb85a009b77d64/modelcache/manager/factory.py
pytorch.org/docs/stable/generated/torch.load.html
github.com/...ty-Research/blob/main/CVE-2025-45146/README.md
