CVE-2025-10965: Deserialization in LazyAGI LazyLLM
Description
A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. The issue affects the function lazyllm_call in the file lazyllm/components/deploy/relay/server.py. Manipulation of this function leads to deserialization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-25T10:11:23.733Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d5da069e21be37e937d04c
Added to database: 9/26/2025, 12:10:46 AM
Last updated: 9/26/2025, 12:10:46 AM