Skip to content

Secure Cyber Vulnerability Management

  • Home
  • About Us
  • Our Services
  • Privacy Policy
  • Home
  • About Us
  • Our Services
  • Privacy Policy
19/12/2025
Zero-Day Initiative

ZDI-25-1150: (0Day) Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability

by Deepanshu Jha
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-14920.
  • Next ZDI-25-1151: (0Day) NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability
  • Previous ZDI-25-1149: (0Day) Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability

Comments are closed.

You may also like

ZDI-25-368: Trend Micro Endpoint Encryption BuildEnterpriseSearchString SQL Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. Although authentication is required...

12/06/2025
Zero-Day Initiative

ZDI-25-1138: GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit...

18/12/2025
Zero-Day Initiative
Secure Cyber Vulnerability Management

Secure Cyber Vulnerability Management © 2026. All Rights Reserved.