CVE-2025-5148 – FunAudioLLM InspireMusic Pickle Data Handler Deserialization Vulnerability

May 25, 2025

CVE ID : CVE-2025-5148

Published : May 25, 2025, 12:15 p.m. | 40 minutes ago

Description : A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. An attack has to be approached locally. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 784cbf8dde2cf1456ff808aeba23177e1810e7a9. It is recommended to apply a patch to fix this issue.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleMidnightBSD is a BSD-derived operating system

Next Article CVE-2025-5147 – Netcore NBR1005GPEV2, NBR200V2, B6V2 Command Injection Vulnerability

Highlights

CVE-2025-48992 – Group-Office Cross-Site Scripting Vulnerability

June 16, 2025

CVE ID : CVE-2025-48992

Published : June 16, 2025, 11:15 p.m. | 1 hour, 34 minutes ago

Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, which is executed when a user adds the malicious user to their Synchronization > Address books. This issue has been patched in versions 6.8.123 and 25.0.27.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

Report: 71% of tech leaders won’t hire devs without AI skills

My favorite lens and screen-cleaning kit keeps my tech spotless, and it only costs $8

AI’s biggest impact on your workforce is still to come – 3 ways to avoid getting left behind

Remedy offers update on ‘FBC: Firebreak,’ details coming improvements — “We’ve seen many players come into the game and leave within the first hour.”

I ran with Samsung’s Galaxy Watch 8 Classic, and it both humbled and motivated me

The details of TC39’s last meeting

The details of TC39’s last meeting

Online Examination System using PHP and MySQL

A tricky, educational quiz: it’s about time..

CAD Sketcher – constraint-based geometry sketcher

CAD Sketcher – constraint-based geometry sketcher

7 Best Free and Open Source Linux FTP Servers

Best Free and Open Source Alternatives to Autodesk FBX Review

CVE-2025-5148 – FunAudioLLM InspireMusic Pickle Data Handler Deserialization Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CVE-2025-6434 – Firefox Clickjacking Exception Page Delay Vulnerability

Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access

CVE-2025-46756 – Apache HTTP Server Unvalidated User Input

Elden Ring Nightreign: How to unlock the Duchess

CVE-2025-48992 – Group-Office Cross-Site Scripting Vulnerability

VeBrain: A Unified Multimodal AI Framework for Visual Reasoning and Real-World Robotic Control

AI Agents Act Like Employees With Root Access—Here’s How to Regain Control

Accelerate generative AI inference with NVIDIA Dynamo and Amazon EKS

CVE-2025-5148 – FunAudioLLM InspireMusic Pickle Data Handler Deserialization Vulnerability

Related Posts