CVE-2025-14922 in Diffusers
Summary
by MITRE • 12/23/2025
Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Diffusers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27424.
Analysis
by VulDB Data Team • 12/27/2025
The CVE-2025-14922 vulnerability represents a critical deserialization flaw within the Hugging Face Diffusers library, specifically affecting the CogView4 component. This vulnerability falls under the CWE-502 category, which addresses deserialization of untrusted data, a well-known weakness that has historically led to remote code execution exploits. The vulnerability exists in the checkpoint parsing functionality where the system fails to properly validate user-supplied data before processing it, creating an attack surface that can be exploited by malicious actors.
The technical implementation of this vulnerability stems from the improper handling of serialized data structures within the Diffusers library. When the CogView4 component processes checkpoint files, it does not perform adequate input validation or sanitization checks on the deserialized data. This allows an attacker to craft malicious checkpoint files that, when loaded by the vulnerable system, trigger arbitrary code execution. The vulnerability requires user interaction to be exploited, meaning that targets must either visit a malicious webpage or open a specially crafted file containing the malicious serialized data.
The operational impact of this vulnerability is severe as it enables remote code execution in the context of the current process, potentially allowing attackers to gain full control over affected systems. Attackers can leverage this weakness to execute malicious payloads, install backdoors, or escalate privileges within the compromised environment. The fact that exploitation requires user interaction provides some defense-in-depth but does not eliminate the threat, particularly in environments where users may encounter malicious content through web browsing or file attachments. This vulnerability directly maps to attack techniques documented in the MITRE ATT&CK framework under the T1059.001 category for command and scripting interpreter, as well as T1078 for valid accounts and T1203 for exploitation for client execution.
The attack vector for this vulnerability typically involves delivering malicious checkpoint files through social engineering tactics, web-based attacks, or compromised software distribution channels. Once a user interacts with the malicious content, the deserialization process executes the attacker's code within the context of the Diffusers application. The vulnerability's severity is compounded by the widespread adoption of Hugging Face Diffusers in machine learning and artificial intelligence applications, making numerous systems potentially vulnerable. Organizations using the Diffusers library for image generation or other AI tasks are at risk, particularly those that process untrusted checkpoint data or allow users to upload model files. The ZDI-CAN-27424 reference indicates this vulnerability was identified through coordinated disclosure channels, highlighting the importance of timely patching and security updates. Mitigation strategies should include immediate patching of affected versions, implementing strict input validation for checkpoint files, and deploying network segmentation to limit the potential impact of successful exploitation attempts.
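As an illustration of the input-validation mitigation named above, the following added example (not code from Diffusers, MITRE or VulDB) lists what a serialized checkpoint would import before anything is deserialized. It assumes the checkpoint is a Python pickle stream, which this page does not state; the allowlist and the sample data are constructed for the example.

```python
import pickle
import pickletools
from collections import OrderedDict

# Assumed policy for this example: the only import a plain weight mapping needs.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

def imported_globals(data: bytes):
    """List the (module, name) pairs a pickle stream would import, without loading it."""
    found, run, memo = [], [], {}  # run = strings pushed back to back, top of stack last
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
            run = []
        elif name == "STACK_GLOBAL":
            # Resolvable only if both operands were pushed immediately before;
            # anything else is reported as unknown so the caller fails closed.
            found.append(tuple(run[-2:]) if len(run) >= 2 else ("?", "?"))
            run = []
        elif name in ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"):
            key = len(memo) if name == "MEMOIZE" else arg
            memo[key] = run[-1] if run else None
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            value = memo.get(arg)
            run = run + [value] if isinstance(value, str) else []
        elif isinstance(arg, str) and ("UNICODE" in name or "STRING" in name):
            run.append(arg)
        else:
            run = []
    return found

def is_loadable(data: bytes) -> bool:
    """True only when every import in the stream is on the allowlist."""
    return all(g in ALLOWED_GLOBALS for g in imported_globals(data))

class Probe:
    # Constructed sample: makes the pickle call a harmless builtin when loaded.
    def __reduce__(self):
        return (len, ("abc",))

BENIGN = pickle.dumps(OrderedDict(weight=[0.1, 0.2]), protocol=4)
FLAGGED = pickle.dumps({"weight": Probe()}, protocol=4)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("flagged", FLAGGED)):
        print(label, imported_globals(blob), is_loadable(blob))
```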