ggml-org llama.cpp src/llama-vocab.cpp llama_vocab::tokenize memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.5 | $0-$5k | 0.00 |
Summary
A vulnerability was found in ggml-org llama.cpp. It has been classified as critical. This affects the function llama_vocab::tokenize of the file src/llama-vocab.cpp. This manipulation causes memory corruption.
This vulnerability is tracked as CVE-2025-52566. The attack is restricted to local execution. No exploit exists.
Applying a patch is the recommended action to fix this issue.
Details
A vulnerability has been found in ggml-org llama.cpp (unknown version) and classified as critical. Affected by this vulnerability is the function llama_vocab::tokenize of the file src/llama-vocab.cpp. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize) (src/llama-vocab.cpp:3036) resulting in unintended behavior in tokens copying size comparison. Allowing heap-overflowing llama.cpp inferencing engine with carefully manipulated text input during tokenization process. This issue has been patched in version b5721.
The advisory is shared at github.com. This vulnerability is known as CVE-2025-52566 since 06/18/2025. The exploitation appears to be easy. An attack has to be approached locally. Technical details are known, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 271154 (Linux Distros Unpatched Vulnerability : CVE-2025-52566), which helps to determine the existence of the flaw in a target environment.
Applying the patch dd6e6d0b6a4bbe3ebfc931d1eb14db2f2b1d70af is able to eliminate this problem. The bugfix is ready for download at github.com.
The vulnerability is also documented in the databases at Tenable (271154) and EUVD (EUVD-2025-19074). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Vendor
Name
License
Website
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.6VulDB Meta Temp Score: 7.5
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 8.8
NVD Vector: 🔍
CNA Base Score: 8.6
CNA Vector (GitHub_M): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 271154
Nessus Name: Linux Distros Unpatched Vulnerability : CVE-2025-52566
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: dd6e6d0b6a4bbe3ebfc931d1eb14db2f2b1d70af
Timeline
06/18/2025 🔍06/24/2025 🔍
06/24/2025 🔍
10/22/2025 🔍
Sources
Product: github.comAdvisory: GHSA-7rxv-5jhh-j6xx
Status: Confirmed
CVE: CVE-2025-52566 (🔍)
GCVE (CVE): GCVE-0-2025-52566
GCVE (VulDB): GCVE-100-313717
EUVD: 🔍
Entry
Created: 06/24/2025 08:07Updated: 10/22/2025 18:47
Changes: 06/24/2025 08:07 (66), 06/25/2025 01:31 (1), 06/27/2025 06:49 (1), 08/27/2025 16:25 (11), 10/22/2025 18:47 (2)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.