Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-zjy9-y575-dkh2
Summary
Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Accelerate. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27985.
Aliases
0
alias CVE-2025-14925
Fixed_packages
Affected_packages
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14925.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14925.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14925
reference_id
reference_type
scores
0
value 0.00415
scoring_system epss
scoring_elements 0.62095
published_at 2026-06-11T12:55:00Z
1
value 0.00415
scoring_system epss
scoring_elements 0.62197
published_at 2026-06-12T12:55:00Z
2
value 0.00415
scoring_system epss
scoring_elements 0.62208
published_at 2026-06-13T12:55:00Z
3
value 0.00415
scoring_system epss
scoring_elements 0.62206
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14925
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2424745
reference_id 2424745
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2424745
3
reference_url https://access.redhat.com/errata/RHSA-2026:2695
reference_id RHSA-2026:2695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2695
4
reference_url https://access.redhat.com/errata/RHSA-2026:3713
reference_id RHSA-2026:3713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3713
5
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
6
reference_url https://www.zerodayinitiative.com/advisories/ZDI-25-1140/
reference_id ZDI-25-1140
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-26T16:08:57Z/
url https://www.zerodayinitiative.com/advisories/ZDI-25-1140/
Weaknesses
0
cwe_id 502
name Deserialization of Untrusted Data
description The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
Exploits
Severity_range_score7.8 - 7.8
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-zjy9-y575-dkh2