AI/ML, Vulnerability Management

AI/ML libraries vulnerable to remote code execution via metadata

Security vulnerabilities have been discovered in popular AI and ML Python libraries, including NeMo, Uni2TS, and FlexTok, which are widely used in Hugging Face models. These flaws allow remote attackers to embed malicious code within file metadata, which can then be executed automatically when the file is loaded, with further coverage provided by The Register.

The vulnerabilities stem from the use of the Hydra library's "instantiate()" function within NeMo, Uni2TS, and FlexTok. Attackers can exploit this function by crafting malicious metadata that, when loaded, can lead to remote code execution (RCE). Palo Alto Networks' Unit 42 identified these flaws, which affect libraries created by Nvidia, Salesforce, and Apple in collaboration with EPFL VILAB. While no in-the-wild exploitation has been observed, the potential for abuse is significant, especially given that Hugging Face does not always flag files using its specific formats as potentially unsafe. Salesforce has confirmed remediation of Uni2TS in July 2025, and Nvidia has released fixes and CVEs for NeMo, while Apple and EPFL VILAB have updated FlexTok.

The reliance on libraries like Hydra and the complex dependencies within AI model development necessitate robust security practices, including thorough metadata sanitization and the implementation of allow-lists or block-lists for configuration loading. 

Source: The Register

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds