Security vulnerabilities have been discovered in popular AI and ML Python libraries, including NeMo, Uni2TS, and FlexTok, which are widely used in Hugging Face models. These flaws allow remote attackers to embed malicious code within file metadata, which can then be executed automatically when the file is loaded, with further coverage provided by The Register.The vulnerabilities stem from the use of the Hydra library's "instantiate()" function within NeMo, Uni2TS, and FlexTok. Attackers can exploit this function by crafting malicious metadata that, when loaded, can lead to remote code execution (RCE). Palo Alto Networks' Unit 42 identified these flaws, which affect libraries created by Nvidia, Salesforce, and Apple in collaboration with EPFL VILAB. While no in-the-wild exploitation has been observed, the potential for abuse is significant, especially given that Hugging Face does not always flag files using its specific formats as potentially unsafe. Salesforce has confirmed remediation of Uni2TS in July 2025, and Nvidia has released fixes and CVEs for NeMo, while Apple and EPFL VILAB have updated FlexTok.The reliance on libraries like Hydra and the complex dependencies within AI model development necessitate robust security practices, including thorough metadata sanitization and the implementation of allow-lists or block-lists for configuration loading. Source: The Register
AI/ML, Vulnerability Management
AI/ML libraries vulnerable to remote code execution via metadata

An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



