
ModelCache torch.load() Deserialization RCE (CVE-2025-45146) - ATR-2026-00433 (9da06101-b9e9-5d87-9a2a-1227b3c0add6)

Detects exploitation of CVE-2025-45146 (CVSS 9.8), arbitrary code execution in ModelCache for LLM through v0.2.0 via deserialization in /manager/data_manager.py. ModelCache calls torch.load() (PyTorch's pickle-backed deserialization) on attacker-supplied data; pickle's reduce machinery allows code execution at load time. Detects the malicious pickle / torch payload patterns at content level and the unsafe torch.load() invocation patterns at code level. CWE-502.
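The two detection levels the rule describes can be checked offline on the defender's side. The following is an added example (not part of this galaxy entry or of the ModelCache project): a content-level walk of a pickle/torch file's opcode stream that reports imports outside an allowlist of checkpoint modules, and a code-level AST scan for torch.load() calls that do not pass weights_only=True. The allowlist, the constructed sample files and the sample source are assumptions, not values from the rule.

```python
import ast
import collections
import fractions
import pickle
import pickletools

# Assumed allowlist of modules a genuine checkpoint references; tune it to your models.
SAFE_MODULES = {"torch", "torch._utils", "collections", "numpy", "numpy.core.multiarray"}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE", "STRING", "SHORT_BINSTRING"}

def find_untrusted_globals(data, allowed=SAFE_MODULES):
    """Content-level check: walk the opcode stream with pickletools (nothing is
    executed) and return each GLOBAL/STACK_GLOBAL import outside `allowed`."""
    hits, strings = [], []  # strings: pushed str args, consumed by STACK_GLOBAL
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":  # protocol <= 3 encodes "module name" inline
            module, name = arg.split(" ", 1)
            if module not in allowed:
                hits.append(f"{module}.{name}")
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            module, name = strings[-2:]  # protocol 4+: module and name were pushed
            if module not in allowed:
                hits.append(f"{module}.{name}")
    return hits

def find_unsafe_torch_load(source):
    """Code-level check: line numbers of torch.load(...) calls that do not pass
    weights_only=True and so hand the file to the full unpickler."""
    unsafe = []
    for node in ast.walk(ast.parse(source)):
        fn = getattr(node, "func", None)  # only ast.Call nodes carry .func
        if not (isinstance(fn, ast.Attribute) and fn.attr == "load"
                and isinstance(fn.value, ast.Name) and fn.value.id == "torch"):
            continue
        restricted = any(kw.arg == "weights_only" and isinstance(kw.value, ast.Constant)
                         and kw.value.value is True for kw in node.keywords)
        if not restricted:
            unsafe.append(node.lineno)
    return unsafe

# Constructed samples: a checkpoint-like state dict, and a harmless class
# reference (fractions.Fraction) standing in for an import outside the allowlist.
BENIGN = pickle.dumps(collections.OrderedDict(weight=[1.0, 2.0]), protocol=2)
SUSPICIOUS = pickle.dumps(fractions.Fraction, protocol=4)
SAMPLE_SOURCE = """import torch
state = torch.load(path)                     # full unpickler: flagged
state = torch.load(path, weights_only=True)  # restricted unpickler: passes
"""
```

The opcode walk is a scanner, not a pickle VM, so a hit means the file should be quarantined for review rather than loaded; an empty result only says no unexpected import was found.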

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) | Attack Pattern | ModelCache torch.load() Deserialization RCE (CVE-2025-45146) - ATR-2026-00433 (9da06101-b9e9-5d87-9a2a-1227b3c0add6) | Agent Threat Rules | 1 |
| ML Supply Chain Compromise (d2cf31e0-a550-4fe0-8fdb-8941b3ac00d9) | MITRE ATLAS Attack Pattern | ModelCache torch.load() Deserialization RCE (CVE-2025-45146) - ATR-2026-00433 (9da06101-b9e9-5d87-9a2a-1227b3c0add6) | Agent Threat Rules | 1 |
| ModelCache torch.load() Deserialization RCE (CVE-2025-45146) - ATR-2026-00433 (9da06101-b9e9-5d87-9a2a-1227b3c0add6) | Agent Threat Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |
| ModelCache torch.load() Deserialization RCE (CVE-2025-45146) - ATR-2026-00433 (9da06101-b9e9-5d87-9a2a-1227b3c0add6) | Agent Threat Rules | Backdoor ML Model (c704a49c-abf0-4258-9919-a862b1865469) | MITRE ATLAS Attack Pattern | 1 |
| Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) | Attack Pattern | Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) | Attack Pattern | 2 |