"-Synchronized-Data."

2025-06-07 13:37:31 +00:00 · 2025-05-25 13:00:33 +00:00 · 2025-05-25 13:00:33 +00:00 · ce0d909c30
commit ce0d909c30
parent f89c36f4f9
1 changed files with 115 additions and 4 deletions
--- a/2025/5xxx/CVE-2025-5148.json
+++ b/2025/5xxx/CVE-2025-5148.json
@ -1,17 +1,128 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2025-5148",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. An attack has to be approached locally. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 784cbf8dde2cf1456ff808aeba23177e1810e7a9. It is recommended to apply a patch to fix this issue."
+            },
+            {
+                "lang": "deu",
+                "value": "Es wurde eine kritische Schwachstelle in FunAudioLLM InspireMusic bis bf32364bcb0d136497ca69f9db622e9216b029dd ausgemacht. Hiervon betroffen ist die Funktion load_state_dict der Datei inspiremusic/cli/model.py der Komponente Pickle Data Handler. Durch die Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden. Der Patch wird als 784cbf8dde2cf1456ff808aeba23177e1810e7a9 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Deserialization",
+                        "cweId": "CWE-502"
+                    }
+                ]
+            },
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Improper Input Validation",
+                        "cweId": "CWE-20"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "FunAudioLLM",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "InspireMusic",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "bf32364bcb0d136497ca69f9db622e9216b029dd"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.310236",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.310236"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.310236",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.310236"
+            },
+            {
+                "url": "https://vuldb.com/?submit.573800",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?submit.573800"
+            },
+            {
+                "url": "https://github.com/FunAudioLLM/InspireMusic/issues/53",
+                "refsource": "MISC",
+                "name": "https://github.com/FunAudioLLM/InspireMusic/issues/53"
+            },
+            {
+                "url": "https://github.com/FunAudioLLM/InspireMusic/issues/53#issuecomment-2866688220",
+                "refsource": "MISC",
+                "name": "https://github.com/FunAudioLLM/InspireMusic/issues/53#issuecomment-2866688220"
+            },
+            {
+                "url": "https://github.com/FunAudioLLM/InspireMusic/commit/784cbf8dde2cf1456ff808aeba23177e1810e7a9",
+                "refsource": "MISC",
+                "name": "https://github.com/FunAudioLLM/InspireMusic/commit/784cbf8dde2cf1456ff808aeba23177e1810e7a9"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "ybdesire (VulDB User)"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 5.3,
+                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 5.3,
+                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 4.3,
+                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
            }
        ]
    }