{"id":61030,"date":"2025-08-07T13:18:07","date_gmt":"2025-08-07T13:18:07","guid":{"rendered":""},"modified":"2025-09-04T22:36:56","modified_gmt":"2025-09-05T04:36:56","slug":"cve-2025-50472-arbitrary-code-execution-vulnerability-in-modelscope-ms-swift-library","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-50472-arbitrary-code-execution-vulnerability-in-modelscope-ms-swift-library\/","title":{"rendered":"CVE-2025-50472: Arbitrary Code Execution Vulnerability in modelscope\/ms-swift library<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-50472 is a critical vulnerability that resides in the modelscope\/ms-swift library up to and including version 2.6.1. The vulnerability allows an attacker to execute arbitrary code remotely by exploiting the deserialization of untrusted data in the `load_model_meta()` function. This flaw poses a serious threat to any system running the vulnerable software<\/a>, potentially leading to system compromise or leakage of sensitive data.
\nThe vulnerability is particularly concerning due<\/a> to the stealthy nature of its exploitation. The malicious payload is hidden, and the normal training process remains unaffected even after the arbitrary code execution<\/a>, making it extremely difficult for the user to detect any malicious activities. This blog post offers a detailed analysis of the vulnerability<\/a>, its potential impact, and the steps necessary to mitigate its risks.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-50472
\nSeverity: Critical (CVSS 9.8)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: System Compromise<\/a>, Potential Data Leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n