SB2025103155 - Multiple vulnerabilities in oobabooga text-generation-webui

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025103155

SB2025103155 - Multiple vulnerabilities in oobabooga text-generation-webui

Published: October 31, 2025

Security Bulletin ID SB2025103155
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Reliance on Untrusted Inputs in a Security Decision (CVE-ID: CVE-2025-12488)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to lack of proper validation of a user-supplied argument before using it to load a model within the handling of the trust_remote_code parameter provided to the load endpoint. A remote attacker can execute arbitrary code on the system.


2) Reliance on Untrusted Inputs in a Security Decision (CVE-ID: CVE-2025-12487)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to lack of proper validation of a user-supplied argument before using it to load a model within the handling of the trust_remote_code parameter provided to the join endpoint. A remote attacker can execute arbitrary code on the system.


Remediation

Install update from vendor's website.

References