Search criteria
2 vulnerabilities found for InspireMusic by FunAudioLLM
CVE-2025-5148 (GCVE-0-2025-5148)
Vulnerability from cvelistv5 – Published: 2025-05-25 12:00 – Updated: 2025-05-28 17:38
VLAI?
Title
FunAudioLLM InspireMusic Pickle Data model.py load_state_dict deserialization
Summary
A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. An attack has to be approached locally. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 784cbf8dde2cf1456ff808aeba23177e1810e7a9. It is recommended to apply a patch to fix this issue.
Severity ?
5.3 (Medium)
5.3 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FunAudioLLM | InspireMusic |
Affected:
bf32364bcb0d136497ca69f9db622e9216b029dd
|
Credits
ybdesire (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T17:27:11.859740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:38:41.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Pickle Data Handler"
],
"product": "InspireMusic",
"vendor": "FunAudioLLM",
"versions": [
{
"status": "affected",
"version": "bf32364bcb0d136497ca69f9db622e9216b029dd"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ybdesire (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. An attack has to be approached locally. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 784cbf8dde2cf1456ff808aeba23177e1810e7a9. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in FunAudioLLM InspireMusic bis bf32364bcb0d136497ca69f9db622e9216b029dd ausgemacht. Hiervon betroffen ist die Funktion load_state_dict der Datei inspiremusic/cli/model.py der Komponente Pickle Data Handler. Durch die Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden. Der Patch wird als 784cbf8dde2cf1456ff808aeba23177e1810e7a9 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-25T12:00:10.198Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310236 | FunAudioLLM InspireMusic Pickle Data model.py load_state_dict deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.310236"
},
{
"name": "VDB-310236 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310236"
},
{
"name": "Submit #573800 | FunAudioLLM InspireMusic 0.0 Deserialization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.573800"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/FunAudioLLM/InspireMusic/issues/53"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/FunAudioLLM/InspireMusic/issues/53#issuecomment-2866688220"
},
{
"tags": [
"patch"
],
"url": "https://github.com/FunAudioLLM/InspireMusic/commit/784cbf8dde2cf1456ff808aeba23177e1810e7a9"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-24T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-24T18:30:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "FunAudioLLM InspireMusic Pickle Data model.py load_state_dict deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5148",
"datePublished": "2025-05-25T12:00:10.198Z",
"dateReserved": "2025-05-24T16:25:39.206Z",
"dateUpdated": "2025-05-28T17:38:41.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5148 (GCVE-0-2025-5148)
Vulnerability from nvd – Published: 2025-05-25 12:00 – Updated: 2025-05-28 17:38
VLAI?
Title
FunAudioLLM InspireMusic Pickle Data model.py load_state_dict deserialization
Summary
A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. An attack has to be approached locally. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 784cbf8dde2cf1456ff808aeba23177e1810e7a9. It is recommended to apply a patch to fix this issue.
Severity ?
5.3 (Medium)
5.3 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FunAudioLLM | InspireMusic |
Affected:
bf32364bcb0d136497ca69f9db622e9216b029dd
|
Credits
ybdesire (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T17:27:11.859740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T17:38:41.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Pickle Data Handler"
],
"product": "InspireMusic",
"vendor": "FunAudioLLM",
"versions": [
{
"status": "affected",
"version": "bf32364bcb0d136497ca69f9db622e9216b029dd"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ybdesire (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. An attack has to be approached locally. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 784cbf8dde2cf1456ff808aeba23177e1810e7a9. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in FunAudioLLM InspireMusic bis bf32364bcb0d136497ca69f9db622e9216b029dd ausgemacht. Hiervon betroffen ist die Funktion load_state_dict der Datei inspiremusic/cli/model.py der Komponente Pickle Data Handler. Durch die Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden. Der Patch wird als 784cbf8dde2cf1456ff808aeba23177e1810e7a9 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-25T12:00:10.198Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310236 | FunAudioLLM InspireMusic Pickle Data model.py load_state_dict deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.310236"
},
{
"name": "VDB-310236 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310236"
},
{
"name": "Submit #573800 | FunAudioLLM InspireMusic 0.0 Deserialization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.573800"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/FunAudioLLM/InspireMusic/issues/53"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/FunAudioLLM/InspireMusic/issues/53#issuecomment-2866688220"
},
{
"tags": [
"patch"
],
"url": "https://github.com/FunAudioLLM/InspireMusic/commit/784cbf8dde2cf1456ff808aeba23177e1810e7a9"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-24T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-24T18:30:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "FunAudioLLM InspireMusic Pickle Data model.py load_state_dict deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5148",
"datePublished": "2025-05-25T12:00:10.198Z",
"dateReserved": "2025-05-24T16:25:39.206Z",
"dateUpdated": "2025-05-28T17:38:41.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}