CVE-2025-10965 is a security vulnerability identified in the LazyAGI project's LazyLLM product, specifically affecting versions 0.6.0 and 0.6.1. The vulnerability resides in the function lazyllm_call within the file lazyllm/components/deploy/relay/server.py. It involves unsafe deserialization, a common security flaw where untrusted data is deserialized without proper validation or sanitization. This can allow an attacker to manipulate serialized input data to execute arbitrary code or cause unexpected behavior remotely. The vulnerability is exploitable over the network without requiring user interaction or prior authentication, making it a remote code execution risk vector. The CVSS 4.0 base score is 5.3, indicating a medium severity level. The vector details show the attack is network-based (AV:N), requires low attack complexity (AC:L), no privileges (PR:L) but some limited privileges are needed, no user interaction (UI:N), and impacts confidentiality, integrity, and availability to a low extent (VC:L, VI:L, VA:L). The scope remains unchanged (S:N), and the exploitability is partially functional (E:P). Although no public exploits are currently known in the wild, the vulnerability has been publicly disclosed, increasing the risk of exploitation. The lack of patches or mitigation links suggests that fixes may not yet be available or widely distributed. This vulnerability is critical to address in environments using LazyLLM, especially where the affected versions are deployed in production or exposed to untrusted networks, as it could lead to unauthorized code execution or system compromise through crafted serialized payloads.

For European organizations, the impact of this vulnerability can be significant, particularly for those leveraging LazyLLM in AI or automation workflows. Exploitation could lead to unauthorized access, data leakage, or disruption of AI services, affecting confidentiality, integrity, and availability of critical systems. Organizations in sectors such as finance, healthcare, manufacturing, and government that rely on AI-driven decision-making or automation could face operational disruptions or data breaches. The remote exploitability without user interaction increases the risk of automated attacks or worm-like propagation within networks. Additionally, the medium severity score indicates that while the vulnerability is not the most critical, it still poses a tangible threat that could be leveraged as a foothold for further lateral movement or privilege escalation within enterprise environments. Given the increasing adoption of AI frameworks in Europe, this vulnerability could undermine trust in AI deployments and lead to regulatory scrutiny under GDPR if personal data is compromised.

To mitigate this vulnerability, European organizations should: 1) Immediately identify and inventory all instances of LazyLLM versions 0.6.0 and 0.6.1 in their environments. 2) Apply vendor patches or updates as soon as they become available; if no official patch exists, consider disabling or isolating affected components until a fix is released. 3) Implement network segmentation and firewall rules to restrict access to LazyLLM services, limiting exposure to untrusted networks. 4) Employ input validation and sanitization on all serialized data inputs to prevent malicious payloads from being processed. 5) Monitor network traffic and logs for unusual deserialization activity or anomalies indicative of exploitation attempts. 6) Use application-layer security controls such as Web Application Firewalls (WAFs) with custom rules to detect and block suspicious serialized payloads. 7) Conduct security assessments and penetration testing focusing on deserialization vulnerabilities in AI frameworks. 8) Educate development and operations teams about secure coding practices around serialization and deserialization to prevent similar issues in future releases.