CVE-2025-5173: Deserialization in HumanSignal label-studio-ml-backend
A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. It affects the function load in the file label-studio-ml-backend/label_studio_ml/examples/yolo/utils/neural_nets.py of the component PT File Handler. Manipulation of the argument path leads to deserialization. The attack must be carried out locally. The product uses rolling releases to provide continuous delivery, so version details for affected and updated releases are not available.
AI Analysis
Technical Summary
CVE-2025-5173 is a medium-severity deserialization vulnerability identified in the HumanSignal label-studio-ml-backend, specifically affecting the function 'load' within the file 'label-studio-ml-backend/label_studio_ml/examples/yolo/utils/neural_nets.py'. The vulnerability arises from improper handling of the 'path' argument, which leads to unsafe deserialization. Deserialization vulnerabilities occur when untrusted input is deserialized without sufficient validation, potentially allowing an attacker to execute arbitrary code or manipulate program state. In this case, the vulnerability requires local access with low privileges (PR:L) and no user interaction (UI:N), meaning an attacker must have some level of local access to exploit it. The attack vector is local (AV:L), and the vulnerability impacts confidentiality, integrity, and availability to a limited extent (VC:L, VI:L, VA:L). The product uses a rolling release model, so specific fixed versions are not clearly defined. No known exploits are currently reported in the wild. The CVSS 4.0 base score is 4.8, reflecting a medium severity. The vulnerability does not require authentication (AT:N) but does require local privileges, limiting remote exploitation potential. The affected component is part of the PT File Handler, which likely processes files related to machine learning models or data. Exploitation could lead to code execution or data manipulation on the host running the label-studio-ml-backend service, potentially compromising the integrity and confidentiality of machine learning workflows or data processed by the system.
Potential Impact
For European organizations using HumanSignal's label-studio-ml-backend, especially those involved in machine learning, data annotation, or AI model deployment, this vulnerability poses a risk of local privilege escalation or unauthorized code execution. While remote exploitation is not feasible, insider threats or compromised local accounts could leverage this vulnerability to manipulate machine learning models or data, potentially undermining data integrity and confidentiality. This could affect sectors relying on AI workflows such as automotive, healthcare, finance, and research institutions. Additionally, any disruption or manipulation of ML pipelines could impact decision-making processes or automated systems, leading to operational disruptions. Given the increasing adoption of AI and ML tools in Europe, the vulnerability could have a moderate impact on organizations that do not enforce strict local access controls or do not apply timely updates. However, the requirement for local access reduces the likelihood of widespread exploitation, limiting the scope primarily to environments where multiple users have local system access or where attackers have already gained some foothold.
Mitigation Recommendations
European organizations should implement strict local access controls and limit user privileges on systems running label-studio-ml-backend to trusted personnel only. Employing application whitelisting and monitoring for unusual local activity can help detect exploitation attempts. Since the product uses rolling releases, organizations should subscribe to HumanSignal's update channels and apply patches or updates promptly once available. Additionally, sandboxing the label-studio-ml-backend process or running it within containerized environments can reduce the impact of potential exploitation. Organizations should also audit and restrict file system permissions to prevent unauthorized manipulation of files passed to the vulnerable 'load' function. Implementing host-based intrusion detection systems (HIDS) to monitor deserialization-related anomalies and conducting regular security assessments of ML infrastructure will further reduce risk. Finally, educating local users about the risks of executing untrusted code or files can help prevent accidental exploitation.
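As an added example (not HumanSignal's code and not part of the original advisory), one way to audit files before they reach the 'load' function is to list the globals a pickle stream would import, without deserializing it, and reject anything outside an allowlist. It assumes the .pt files are pickle-based PyTorch checkpoints (a bare pickle or a zip container with *.pkl members); the ALLOWED set and all function names are illustrative.

```python
import io
import pickle
import pickletools
import zipfile

# Assumed allowlist: the only importable global a checkpoint may reference.
ALLOWED = {("collections", "OrderedDict")}
PUTS = {"PUT", "BINPUT", "LONG_BINPUT"}
GETS = {"GET", "BINGET", "LONG_BINGET"}

def referenced_globals(data):
    """List (module, name) pairs a pickle stream would import; never loads it."""
    found, memo, last, pos = [], {}, [None, None], -1
    for op, arg, pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):      # protocols 0-3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
            last.append(None)
        elif op.name == "STACK_GLOBAL":        # protocol 4+: names come off the stack
            module, name = last[-2:]
            found.append((module or "?", name or "?"))
            last.append(None)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = last[-1]
        elif op.name in PUTS:
            memo[arg] = last[-1]
        elif op.name in GETS:
            last.append(memo.get(arg))
        else:                                  # remember pushed strings only
            last.append(arg if isinstance(arg, str) else None)
    if pos + 1 != len(data):                   # fail closed on bytes after STOP
        found.append(("?", "trailing-data"))
    return found

def pickle_streams(blob):
    """Return raw pickle bytes from a bare pickle or a zip container's *.pkl members."""
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    return [blob]

def violations(blob, allowed=ALLOWED):
    """Return every referenced global that is not on the allowlist."""
    return [g for s in pickle_streams(blob)
            for g in referenced_globals(s) if g not in allowed]

if __name__ == "__main__":
    sample = pickle.dumps({"weights": [0.5, 1.5]})   # constructed, benign sample
    print(violations(sample))
```

Treat any exception raised by pickletools.genops as a rejection. The stack tracking is a conservative heuristic that reports "?" when it cannot resolve a name, so unresolved references are also rejected.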
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-05-25T13:35:14.724Z
- CISA Enriched: false
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68340f960acd01a24928410e
Added to database: 5/26/2025, 6:52:06 AM
Last enriched: 7/9/2025, 1:42:57 PM
Last updated: 8/18/2025, 11:33:56 PM