CVE-2025-14930 is a deserialization of untrusted data vulnerability (CWE-502) found in Hugging Face Transformers version 4.57.1, specifically within the GLM4 model weight parsing functionality. The flaw arises because the software does not properly validate or sanitize user-supplied data before deserializing it, which can lead to remote code execution (RCE). An attacker can craft malicious serialized data that, when parsed by the vulnerable Transformers library, executes arbitrary code in the context of the process running the library. Exploitation requires user interaction, such as opening a malicious file or visiting a malicious webpage that triggers the deserialization. The vulnerability affects confidentiality, integrity, and availability since arbitrary code execution can lead to data theft, system compromise, or denial of service. The CVSS 3.0 score is 7.8 (high), with attack vector local (user must interact), low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability all rated high. No patches are currently linked, so users must monitor for updates. This vulnerability is significant for organizations leveraging Hugging Face Transformers in AI/ML pipelines, especially where untrusted data inputs are processed. The vulnerability was assigned by ZDI (ZDI-CAN-28309) and published on 2025-12-23.

For European organizations, this vulnerability poses a significant risk, particularly those engaged in AI research, development, and deployment using Hugging Face Transformers. Successful exploitation could lead to full system compromise, data breaches, and disruption of AI services. Confidential data processed by AI models could be exfiltrated, and attackers could pivot within networks. The requirement for user interaction somewhat limits mass exploitation but targeted attacks against high-value entities remain feasible. Organizations relying on automated pipelines that ingest external or user-generated model weights are especially vulnerable. The impact extends to sectors such as finance, healthcare, and critical infrastructure where AI models are increasingly integrated. Disruption or compromise of AI systems could undermine trust and operational continuity. Additionally, the lack of a current patch increases exposure time. Given the strategic importance of AI in Europe’s digital economy, this vulnerability could have broader economic and reputational consequences.

1. Immediately audit all AI/ML workflows using Hugging Face Transformers version 4.57.1 to identify exposure to untrusted serialized data inputs. 2. Restrict or block ingestion of model weights or serialized data from untrusted or unauthenticated sources. 3. Implement strict input validation and sanitization for any data deserialized by the Transformers library. 4. Employ sandboxing or containerization to isolate processes handling model weights to limit impact of potential code execution. 5. Monitor official Hugging Face repositories and security advisories closely for patches or updates addressing CVE-2025-14930 and apply them promptly. 6. Educate users about the risks of opening files or visiting links from untrusted sources to reduce user interaction exploitation vectors. 7. Use runtime application self-protection (RASP) or endpoint detection and response (EDR) tools to detect anomalous behavior indicative of exploitation attempts. 8. Review and harden network segmentation to prevent lateral movement if compromise occurs. 9. Consider disabling or limiting features that automatically load or parse external model weights until a fix is available.