CVE-2025-5173 – HumanSignal Label Studio ML Backend Deserialization Vulnerability

May 26, 2025

CVE ID : CVE-2025-5173

Published : May 26, 2025, 7:15 a.m. | 1 hour, 56 minutes ago

Description : A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/label_studio_ml/examples/yolo/utils/neural_nets.py of the component PT File Handler. The manipulation of the argument path leads to deserialization. An attack has to be approached locally. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5174 – Erdogant PyPickle Deserialization Vulnerability

Next Article CVE-2025-41441 – Mailform Pro CGI Information Disclosure

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Smashing Animations Part 4: Optimising SVGs

I test AI tools for a living. Here are 3 image generators I actually use and how

The world’s smallest 65W USB-C charger is my latest travel essential

This Spotlight alternative for Mac is my secret weapon for AI-powered search

Tech prophet Mary Meeker just dropped a massive report on AI trends – here’s your TL;DR

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

Simplify Negative Relation Queries with Laravel’s whereDoesntHaveRelation Methods

Cast Model Properties to a Uri Instance in 12.17

My Favorite Obsidian Plugins and Their Hidden Settings

My Favorite Obsidian Plugins and Their Hidden Settings

Rilasciata /e/OS 3.0: Nuova Vita per Android Senza Google, Più Privacy e Controllo per l’Utente

Rilasciata Oracle Linux 9.6: Scopri le Novità e i Miglioramenti nella Sicurezza e nelle Prestazioni

CVE-2025-5173 – HumanSignal Label Studio ML Backend Deserialization Vulnerability

HPE StoreOnce Faces Critical CVE-2025-37093 Vulnerability — Urges Immediate Patch Upgrade

CISA Adds Qualcomm Vulnerabilities to KEV Catalog

CVE-2025-5177 – Realce Tecnologia Queue Ticket Kiosk Cross-Site Scripting Vulnerability

Here’s how you can hack your Xbox 360 with just a USB stick (Spoiler: it’s easy!)

APPLE-SA-04-16-2025-3 tvOS 18.4.1

Is this Windows 11 feature a handy tool or a way to shame those who don’t pay for Microsoft services?

State Actor Made Three Attempts to Breach B.C. Government Networks

Best way to plug in several sub flows as part of a single one in Cypress?

Rilasciata Arch Linux Enhance Xenial (ALEX) aggiornata a maggio 2025

AlphaGeometry: An Olympiad-level AI system for geometry

CVE-2025-5173 – HumanSignal Label Studio ML Backend Deserialization Vulnerability

Related Posts