A critical remote code execution (RCE) vulnerability has been identified in multiple oobabooga products, specifically within the text-generation-webui component. This flaw, tracked as CVE-2025-12488, allows an unauthenticated remote attacker to execute arbitrary code on the server, potentially leading to a complete system compromise, data theft, and service disruption. Due to its critical severity rating (CVSS 9.8), immediate remediation is required to prevent exploitation.

The vulnerability exists in the text-generation-webui's handling of model loading where the trust_remote_code parameter is enabled. The application improperly trusts and executes code embedded within models loaded from remote, untrusted sources. An attacker can exploit this by crafting a malicious model file and tricking a user or an automated process into loading it, which then executes the attacker's code with the permissions of the web UI application on the server.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the underlying server hosting the oobabooga software. The business impact includes the potential for significant data breaches, theft of sensitive intellectual property (including proprietary models and training data), service outages, and reputational damage. A compromised system could also be used as a pivot point to launch further attacks against the internal network, posing a severe risk to the entire organization.

Immediate Action: The primary remediation is to apply the vendor-supplied security patches immediately. Administrators should update oobabooga Multiple Products to the latest version as recommended in the official security advisory. After patching, it is crucial to review access and application logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Implement enhanced monitoring on affected servers. Look for suspicious outbound network connections, unexpected processes spawned by the text-generation-webui application, unusual CPU or memory utilization, and log entries indicating the loading of unknown or untrusted models. Monitor web server logs for unusual requests or payloads.

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:

• Restrict network access to the text-generation-webui interface to only trusted IP addresses.
• Place the application behind a Web Application Firewall (WAF) with rules designed to inspect and block malicious model-loading requests.
• Disable the ability to load models from untrusted remote sources if the functionality is not essential.
• Run the application in a sandboxed or containerized environment with minimal privileges to limit the impact of a potential compromise.

Public Exploit Available: false

Given the critical CVSS score of 9.8, this vulnerability represents a significant and immediate threat to the organization. We strongly recommend that all affected instances of oobabooga products be patched immediately, treating this as the highest priority. Although there is no evidence of active exploitation at this time, the risk of a full system compromise is too high to delay remediation. All compensating controls should be considered for systems that cannot be patched right away to reduce the attack surface.