SCA: security update for llamafactory (GHSA-527m-2xhr-j27g)

high Tenable Self-Hosted Container Security Plugin ID 439056

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request
Forgery (SSRF) vulnerability in the chat API allows any authenticated user to force the server to make
arbitrary HTTP requests to internal and external networks. This can lead to the exposure of sensitive
internal services, reconnaissance of the internal network, or interaction with third-party services. The
same mechanism also allows for a Local File Inclusion (LFI) vulnerability, enabling users to read
arbitrary files from the server's filesystem. The vulnerability exists in the `_process_request` function
within `src/llamafactory/api/chat.py.` This function is responsible for processing incoming multimodal
content, including images, videos, and audio provided via URLs. The function checks if the provided URL is
a base64 data URI or a local file path (`os.path.isfile`). If neither is true, it falls back to treating
the URL as a web URI and makes a direct HTTP GET request using `requests.get(url, stream=True).raw`
without any validation or sanitization of the URL. Version 0.9.4 fixes the underlying issue.
(CVE-2025-61784)

Solution

Update the llamafactory library and its related packages to version 0.9.4 or later.

See Also

https://github.com/advisories/GHSA-527m-2xhr-j27g

Plugin Details

Severity: High

ID: 439056

Version: Revision 1.4

Type: Local

Family: SCA Checks

Published: 3/20/2026

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

Percentile: 96.93

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N

CVSS Score Source: CVE-2025-61784

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/7/2025

Vulnerability Publication Date: 10/7/2025

Reference Information

CVE: CVE-2025-61784