CVE-2025-5148: Deserialization in FunAudioLLM InspireMusic
A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. An attack has to be approached locally. This product uses a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. The name of the patch is 784cbf8dde2cf1456ff808aeba23177e1810e7a9. It is recommended to apply a patch to fix this issue.
AI Analysis
Technical Summary
CVE-2025-5148 is a medium severity vulnerability affecting FunAudioLLM's InspireMusic product, specifically in the load_state_dict function within the inspiremusic/cli/model.py file. The vulnerability arises from unsafe deserialization of data handled by the Pickle Data Handler component. Deserialization vulnerabilities occur when untrusted input is deserialized, potentially allowing attackers to execute arbitrary code or manipulate program state. In this case, the vulnerability requires local access with low privileges (PR:L) and does not require user interaction (UI:N). The attack vector is local (AV:L), meaning an attacker must have some form of local access to the system running InspireMusic. The vulnerability impacts confidentiality, integrity, and availability to a limited extent (VC:L, VI:L, VA:L). The product uses a rolling release model, so exact affected versions are identified by commit hashes rather than traditional version numbers. A patch identified by commit 784cbf8dde2cf1456ff808aeba23177e1810e7a9 is available to address this issue. The CVSS 4.0 base score is 4.8, reflecting a medium severity rating due to the local attack vector and limited impact scope. No known exploits are currently reported in the wild. The vulnerability is rooted in the insecure handling of Python pickle deserialization, which is a common source of security issues when deserializing untrusted data. Since the vulnerability requires local access, it is less likely to be exploited remotely but remains a risk if an attacker gains local foothold or if the system is used in multi-user environments where privilege separation is weak.
Potential Impact
For European organizations, the impact of CVE-2025-5148 depends largely on the deployment context of FunAudioLLM InspireMusic. If InspireMusic is used in environments where multiple users have local access, such as shared workstations or development environments, an attacker with limited privileges could exploit this vulnerability to escalate privileges or execute arbitrary code, potentially leading to data leakage or system compromise. The vulnerability could also be leveraged as part of a multi-stage attack where an attacker first gains limited local access and then exploits this flaw to deepen their control. The impact on confidentiality, integrity, and availability is limited but non-negligible, especially in sensitive environments handling proprietary audio data or intellectual property. Given the local attack vector, remote exploitation is unlikely, reducing the risk for organizations that restrict physical and local access to trusted personnel. However, organizations with lax endpoint security or those using InspireMusic in collaborative or multi-user settings should be cautious. The rolling release nature of the product means that organizations must maintain up-to-date builds to ensure they have the patch applied, which could be challenging for some operational environments.
Mitigation Recommendations
1. Apply the patch identified by commit 784cbf8dde2cf1456ff808aeba23177e1810e7a9 immediately to all affected InspireMusic installations.
2. Restrict local access to systems running InspireMusic to trusted users only, implementing strict access controls and user privilege separation.
3. Monitor local user activities and audit logs for unusual behavior that could indicate exploitation attempts.
4. If possible, configure InspireMusic or its environment to avoid deserializing untrusted or user-supplied data.
5. Employ application whitelisting and endpoint protection solutions to detect and block unauthorized code execution.
6. Educate users and administrators about the risks of deserialization vulnerabilities and the importance of applying updates promptly.
7. For organizations using InspireMusic in multi-user or shared environments, consider isolating the application in containers or virtual machines to limit the blast radius of a potential exploit.
8. Implement network segmentation and endpoint hardening to reduce the likelihood of an attacker gaining initial local access.
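To illustrate recommendation 4, the following added example (not InspireMusic code and not the content of the referenced patch, which this page does not describe) shows why loading a pickle from an untrusted file is unsafe and how an allowlisting unpickler refuses it. The names `AllowlistUnpickler`, `safe_load_state` and `CallsAtLoad` are hypothetical, and the sample checkpoints are constructed for the demonstration.

```python
import collections
import io
import pickle

# Assumption for this example: a checkpoint is a plain mapping of names to
# numbers and lists, so this is the only global a legitimate file needs.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not explicitly allowlisted."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load_state(data: bytes):
    """Deserialize checkpoint bytes without resolving arbitrary callables."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


class CallsAtLoad:
    """Constructed sample: makes the unpickler call a harmless function."""

    def __reduce__(self):
        return (len, ("called during load",))


def demo():
    good = pickle.dumps(collections.OrderedDict(weight=[0.1, 0.2], step=3))
    bad = pickle.dumps({"weight": CallsAtLoad()})
    results = {"good": safe_load_state(good)}
    # Plain pickle.loads performs the embedded call while loading: the stored
    # value is the return value of len(), not data that was in the file.
    results["unsafe"] = pickle.loads(bad)
    try:
        safe_load_state(bad)
        results["bad"] = "loaded"
    except pickle.UnpicklingError as exc:
        results["bad"] = str(exc)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The allowlist has to be sized to what the real checkpoint format needs; anything outside it fails closed with an `UnpicklingError` instead of being resolved and called.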
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-05-24T16:25:39.206Z
- Cisa Enriched: false
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 683307eb0acd01a249280de2
Added to database: 5/25/2025, 12:07:07 PM
Last enriched: 7/9/2025, 1:25:19 AM
Last updated: 7/31/2025, 12:57:03 PM