CVE-2025-27779: Python Torch Load Without Weights Only

`torch.load()` is called inside `model_blender` without `weights_only=True`. The two checkpoint paths passed to this function originate from the Gradio Voice Blender tab and are therefore attacker-controllable. By default (PyTorch releases before 2.6 default to `weights_only=False`), `torch.load` deserializes the checkpoint with Python's `pickle` module, which reconstructs arbitrary objects and so can execute arbitrary code embedded in a malicious file (e.g. via `
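
The loading behaviour described above, as an added example that is not part of this rule or of the affected project. It uses plain `pickle` so it runs without PyTorch: `MaliciousCheckpoint`, `_side_effect`, `RestrictedUnpickler` and both sample checkpoints are constructed for illustration (the payload only appends a marker to a list instead of running a command), `unsafe_load` stands in for `torch.load(path)` with the unsafe default, and `safe_load` shows the allow-list idea behind `weights_only=True`. The last function repeats the experiment against real `torch.load(..., weights_only=True)` when torch happens to be installed.

```python
"""Added illustration (not the rule's or the project's own code): why a
pickle-based checkpoint runs code the moment it is loaded, and how an
allow-list unpickler, the approach torch.load(weights_only=True) takes,
refuses it."""
import io
import pickle

# Constructed evidence of execution. A real payload would call os.system or
# similar from __reduce__; this one only records that it ran.
EXECUTED = []


def _side_effect(marker):
    """Stand-in for the attacker's callable: appends a marker instead of
    spawning a shell, then returns something checkpoint-shaped."""
    EXECUTED.append(marker)
    return {"weights": []}


class MaliciousCheckpoint:
    """When pickled, __reduce__ instructs the unpickler to rebuild this
    object by calling _side_effect(...); that call happens inside load()."""

    def __reduce__(self):
        return (_side_effect, ("payload ran",))


def build_malicious_checkpoint():
    """Bytes an attacker would place at the checkpoint path (constructed)."""
    return pickle.dumps(MaliciousCheckpoint())


def build_benign_checkpoint():
    """A checkpoint-shaped dict with no executable content (constructed)."""
    return pickle.dumps({"weights": [0.1, 0.2], "epoch": 3})


def unsafe_load(blob):
    """Equivalent of torch.load(path) with weights_only=False: plain pickle,
    every global named in the stream is imported and may be called."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list unpickler: only the globals below may be resolved. Plain
    dicts, lists, ints, floats and strings need no global lookup at all."""

    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name}")


def safe_load(blob):
    """Equivalent of torch.load(path, weights_only=True) for plain pickle."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def try_safe_load(blob):
    """Returns (True, obj) on success or (False, error message) on refusal."""
    try:
        return True, safe_load(blob)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


def torch_weights_only_demo(path):
    """Same experiment against real torch, if installed: save a checkpoint
    carrying the payload, then load it with weights_only=True. Returns None
    without torch, otherwise 'refused' or 'loaded'."""
    try:
        import torch
    except ImportError:
        return None
    torch.save({"state": MaliciousCheckpoint()}, path)
    try:
        torch.load(path, map_location="cpu", weights_only=True)
        return "loaded"
    except pickle.UnpicklingError:
        return "refused"


if __name__ == "__main__":
    import os
    import tempfile

    print("unsafe:", unsafe_load(build_malicious_checkpoint()), EXECUTED)
    print("safe (benign):", try_safe_load(build_benign_checkpoint()))
    print("safe (malicious):", try_safe_load(build_malicious_checkpoint()))
    with tempfile.TemporaryDirectory() as d:
        print("torch weights_only:",
              torch_weights_only_demo(os.path.join(d, "ckpt.pt")))
```

The practical takeaway for code like `model_blender` is the one `safe_load` models: pass `weights_only=True` on every `torch.load` of a user-supplied path, and treat the resulting `UnpicklingError` on a hostile file as the file being rejected, not as a reason to fall back to the unsafe default.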

Provally Curated | Public repository | High severity | Medium confidence | Verified | Apache-2.0 | python
greprules fetch cve-2025-27779-python-torch-load-without-weights-only --engine opengrep


Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
