CVE-2025-45146
ModelCache · ModelCache for LLM through Multiple Products
A critical vulnerability has been identified in ModelCache for LLM, a tool used for caching in Large Language Model applications.
Executive summary
A critical vulnerability has been identified in ModelCache for LLM, a tool used for caching in Large Language Model applications. This flaw, designated CVE-2025-45146, allows an unauthenticated attacker to remotely execute arbitrary code on the server by sending specially crafted data. Successful exploitation could lead to a complete system compromise, resulting in data theft, service disruption, and unauthorized access to the underlying infrastructure.
Vulnerability
The vulnerability is an insecure deserialization flaw within the /manager/data_manager.py component of the ModelCache application. The software fails to properly validate and sanitize user-supplied data before deserializing it. An attacker can craft a malicious serialized object that, when processed by the application, will execute arbitrary commands on the host system with the privileges of the ModelCache service account, leading to Remote Code Execution (RCE).
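The vulnerable pattern the advisory describes, next to a hardened loader, as an added illustration that is not ModelCache's own code; it assumes the serializer involved is Python pickle (the advisory does not name it) and uses constructed sample data.

```python
import io
import pickle


def insecure_load(blob: bytes):
    """Vulnerable pattern: pickle.loads imports and calls any global the
    stream names, so attacker-controlled input means code execution."""
    return pickle.loads(blob)


class AllowlistUnpickler(pickle.Unpickler):
    """Refuses every global reference except those on an explicit allowlist.

    Cache entries are plain data (dict/list/str/int/float), which pickle
    encodes with dedicated opcodes and never routes through find_class, so
    the allowlist can stay empty: any module.name lookup is an anomaly.
    """

    ALLOWED: set[tuple[str, str]] = set()

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_load(blob: bytes):
    """Hardened replacement for insecure_load."""
    return AllowlistUnpickler(io.BytesIO(blob)).load()


def is_accepted(blob: bytes) -> bool:
    """True if the hardened loader accepts the stream, False if it refuses."""
    try:
        safe_load(blob)
        return True
    except pickle.UnpicklingError:
        return False


def sample_entry() -> bytes:
    """Constructed stand-in for a legitimate cache record."""
    return pickle.dumps({"prompt": "hello", "answer": "world", "hits": 3})


def sample_global_reference() -> bytes:
    """Constructed stream that merely names a builtin (loading it with
    pickle.loads runs nothing) but still trips the allowlist check."""
    return pickle.dumps(len)


if __name__ == "__main__":
    print(safe_load(sample_entry()))               # the dict round-trips
    print(is_accepted(sample_global_reference()))  # False: lookup refused
```

A refused lookup logged at this point is also the kind of deserialization error the monitoring guidance below asks teams to watch for.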
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the high potential for significant business disruption. Exploitation could lead to a complete compromise of the server hosting the ModelCache instance. This could result in the theft of sensitive data processed by the LLM, including proprietary business information, customer data, and the AI models themselves. Furthermore, a compromised system could be used as a staging point for further attacks against the internal network, causing widespread operational disruption and severe reputational damage.
Remediation
Immediate Action: Apply the vendor-supplied security patches now, updating all instances of ModelCache for LLM to a version later than v0.2.0. After patching, review system and application access logs for anomalous activity or signs of compromise that predate the update.
Proactive Monitoring: Implement enhanced monitoring focused on the ModelCache application. Security teams should look for unusual requests to the /manager/data_manager.py endpoint, unexpected process execution originating from the ModelCache service, and outbound network connections to unknown destinations. Application logs should be monitored for deserialization errors or other exceptions that could indicate an exploitation attempt.
Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:
- Use a Web Application Firewall (WAF) with rules specifically designed to inspect and block malicious serialized payloads.
- Restrict network access to the ModelCache management interface, ensuring it is only accessible from trusted IP addresses or internal networks.
- Run the ModelCache application in a containerized or sandboxed environment with minimal privileges to limit the impact of a potential compromise.
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability poses a critical and immediate threat to the organization. Due to the high likelihood of exploitation leading to a full system compromise, we recommend that all affected ModelCache for LLM instances be patched immediately. This vulnerability should be prioritized at the highest level within your patch management program. Even though this CVE is not currently on the CISA KEV list, its severity warrants treating it with the same urgency as an actively exploited vulnerability. Proactive threat hunting for signs of compromise should be initiated alongside patching efforts.