A critical remote code execution vulnerability has been identified in multiple oobabooga products. This flaw allows a remote, unauthenticated attacker to execute arbitrary code on the server running the affected software, potentially leading to a complete system compromise, data theft, or service disruption. Due to the critical severity and ease of exploitation, immediate remediation is required.

The vulnerability exists within the text-generation-webui component, specifically related to the trust_remote_code functionality. The application improperly relies on and executes code from untrusted remote sources, such as AI models or configuration files, without sufficient validation or sandboxing. A remote attacker can craft a malicious model or provide a specially crafted input that, when loaded or processed by the application, will execute arbitrary code with the privileges of the web application's user account.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the underlying server. Potential consequences include theft of sensitive data such as proprietary AI models, training datasets, and user information; deployment of ransomware; or using the compromised system as a pivot point to attack other internal network resources. The direct business risks include significant financial loss, theft of intellectual property, reputational damage, and major operational downtime.

Immediate Action: The primary remediation is to apply the vendor-supplied security patches immediately. Administrators should update all instances of oobabooga Multiple Products to the latest version. Refer to the official oobabooga security advisory for specific patch information and installation instructions.

Proactive Monitoring: After patching, security teams should monitor for any signs of compromise. This includes reviewing web server access logs for unusual requests related to model loading, monitoring for unexpected outbound network connections from the host server, and checking for any suspicious processes or files created on the system.

Compensating Controls: If immediate patching is not feasible, the following compensating controls can reduce risk:

• Restrict network access to the text-generation-webui interface to only trusted IP addresses.
• Run the application in a hardened, minimal-privilege container or sandboxed environment to limit the impact of a potential compromise.
• If possible within the application's configuration, disable the ability to load models or code from untrusted remote sources.

Public Exploit Available: false

Given the critical severity (CVSS 9.8) of this remote code execution vulnerability, we strongly recommend that organizations prioritize patching all affected systems immediately. This vulnerability represents a significant and immediate risk to the confidentiality, integrity, and availability of the affected servers and the data they process. Although CVE-2025-12487 is not currently on the CISA KEV list, its characteristics make it a prime candidate for future inclusion. All remediation and monitoring activities for this vulnerability should be treated with the highest urgency.