CVE-2025-3677: Deserialization in lm-sys fastchat
A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function split_files/apply_delta_low_cpu_mem of the file fastchat/model/apply_delta.py. The manipulation leads to deserialization. An attack has to be approached locally.
AI Analysis
Technical Summary
CVE-2025-3677 is a deserialization vulnerability identified in the lm-sys fastchat software, specifically affecting versions 0.2.0 through 0.2.36. The vulnerability resides in the function split_files/apply_delta_low_cpu_mem within the file fastchat/model/apply_delta.py. Deserialization vulnerabilities occur when untrusted input is deserialized without sufficient validation, potentially allowing an attacker to execute arbitrary code or manipulate program logic. In this case, the vulnerability arises due to improper input validation during the deserialization process, which can be exploited by manipulating the input to the affected function. However, exploitation requires local access, meaning an attacker must have the ability to execute code or interact with the system locally to trigger the vulnerability. There are no known exploits in the wild at this time, and no official patches have been linked yet. The vulnerability has been classified as medium severity by the source, but given the nature of deserialization flaws and the critical tag in the description, it warrants careful consideration. The vulnerability impacts confidentiality, integrity, and availability depending on the payload delivered via deserialization, but the local access requirement limits the attack surface. The affected product, fastchat by lm-sys, is a software component likely used in AI or chat-related applications, which may be deployed in various organizational environments.
Potential Impact
For European organizations, the impact of this vulnerability depends largely on the deployment context of lm-sys fastchat. If fastchat is integrated into internal communication platforms, AI chatbots, or customer service automation tools, exploitation could lead to unauthorized code execution, data manipulation, or service disruption. This could compromise sensitive data confidentiality, alter data integrity, or cause denial of service, impacting business operations. The local access requirement reduces the risk of remote exploitation but raises concerns about insider threats or compromised internal systems. Organizations with lax internal access controls or those that allow untrusted users to execute code locally are at higher risk. Additionally, if fastchat is embedded in critical infrastructure or services, the consequences could be more severe. The lack of known exploits suggests limited immediate threat, but the potential for future exploitation remains. Given the medium severity and local attack vector, the overall impact is moderate but should not be underestimated, especially in environments with high-value data or critical operations.
Mitigation Recommendations
1. Restrict local access strictly: Implement robust access controls and user privilege management to ensure only trusted users can execute code or interact with the fastchat environment locally.
2. Monitor and audit local activity: Deploy monitoring solutions to detect unusual local behavior or attempts to exploit deserialization vulnerabilities.
3. Apply input validation and sanitization: Where possible, review and harden the deserialization logic in fastchat, adding strict validation to inputs before deserialization occurs.
4. Isolate fastchat instances: Run fastchat in sandboxed or containerized environments to limit the impact of any potential exploitation.
5. Keep software updated: Monitor lm-sys releases for patches addressing this vulnerability and apply them promptly once available.
6. Conduct internal security training: Educate staff about the risks of local exploitation and the importance of maintaining secure local environments.
7. Implement application whitelisting and endpoint protection: Prevent unauthorized code execution locally that could trigger the vulnerability.
8. Review deployment architecture: Avoid exposing fastchat to untrusted local users or environments where malicious actors could gain local access.
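An added illustration of recommendation 3, not code from fastchat or from this advisory: assuming the deserialized data is Python pickle (the advisory does not name the format), an allow-list unpickler refuses any global the stream references beyond those expected. `ALLOWED_GLOBALS`, `AllowListUnpickler`, `safe_load` and `check` are hypothetical names, and both sample inputs are constructed.

```python
import io
import pickle
from collections import OrderedDict

# Assumption: the only global a trusted weights file needs to reference.
# Derive the real allow-list from the checkpoint format actually in use.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowListUnpickler(pickle.Unpickler):
    """Resolve only allow-listed globals; anything else aborts the load."""

    def find_class(self, module, name):
        # Called for every GLOBAL / STACK_GLOBAL opcode, i.e. every import
        # the pickle stream asks the interpreter to perform.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global: {module}.{name}")


def safe_load(data: bytes):
    """Deserialize bytes, refusing globals outside ALLOWED_GLOBALS."""
    return AllowListUnpickler(io.BytesIO(data)).load()


def check(data: bytes):
    """Return (ok, detail) so the rejected reference can be logged."""
    try:
        safe_load(data)
        return True, "ok"
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed samples: one with only the expected container type, one that
# references a global (the builtin print) that a weights file never needs.
EXPECTED = pickle.dumps(OrderedDict(layer0=[0.1, 0.2]))
UNEXPECTED = pickle.dumps({"layer0": print})

if __name__ == "__main__":
    for label, blob in (("expected", EXPECTED), ("unexpected", UNEXPECTED)):
        print(label, check(blob))
```

For PyTorch checkpoint files, `torch.load(..., weights_only=True)` applies the same kind of restriction inside the loader.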
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-04-16T01:03:15.592Z
- Cisa Enriched: true
Threat ID: 682d984bc4522896dcbf84e3
Added to database: 5/21/2025, 9:09:31 AM
Last enriched: 6/20/2025, 9:34:21 AM
Last updated: 8/12/2025, 4:06:15 AM