Tencent Technical Engineering
Jul 1, 2025 · Information Security
How Wukong AI Agent Uncovered a Critical RCE Vulnerability in LLaMA‑Factory (CVE‑2025‑53002)
This article details how the Wukong AI Agent automatically audited the popular LLaMA‑Factory project, discovered a high‑severity remote code execution vulnerability (CVE‑2025‑53002) caused by unsafe torch.load usage, reported it to the maintainers, and demonstrated the official fix that adds a secure weights_only flag.
AI security · CVE-2025-53002 · LLaMA-Factory
