CVE-2025-5173 – HumanSignal Label Studio ML Backend Deserialization Vulnerability

May 26, 2025

CVE ID : CVE-2025-5173

Published : May 26, 2025, 7:15 a.m. | 1 hour, 56 minutes ago

Description : A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/label_studio_ml/examples/yolo/utils/neural_nets.py of the component PT File Handler. The manipulation of the argument path leads to deserialization. An attack has to be approached locally. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5174 – Erdogant PyPickle Deserialization Vulnerability

Next Article CVE-2025-41441 – Mailform Pro CGI Information Disclosure

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days

Samsung ‘Galaxy Glasses’ powered by Android XR are reportedly on track to be unveiled this month

The M4 iPad Pro is discounted $100 as a last-minute Labor Day deal

Distribution Release: Linux From Scratch 12.4

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Download Transcribe! for Windows

Microsoft Fixes CertificateServicesClient (CertEnroll) Error in Windows 11

CVE-2025-5173 – HumanSignal Label Studio ML Backend Deserialization Vulnerability

Hacker suspected of trying to cheat his way into university is arrested in Spain

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

CVE-2025-53216 – ThemeUniver Glamer PHP RFI

CVE-2025-57773 – DataEase JNDI Injection Vulnerability

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

CVE-2025-7422 – Tenda O3V2 HTTPD Stack-Based Buffer Overflow Vulnerability

CVE-2025-33102 – IBM Concert Software Weak Cryptography Vulnerability

Thanks to Xbox’s price hike, the Series S is now more expensive than the PS5

Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices

Trusted Smart Interactive Whiteboard Dealer in Delhi for Education

CVE-2025-5173 – HumanSignal Label Studio ML Backend Deserialization Vulnerability

Related Posts