CVE-2026-47117
OpenMed · Multiple Products
OpenMed contains a remote code execution vulnerability in its PII privacy-filter model loading path, allowing unauthenticated attackers to execute arbitrary code.
Executive summary
A critical remote code execution vulnerability in OpenMed allows unauthenticated attackers to achieve full system compromise by causing the service to load and run code from an attacker-controlled model repository.
Vulnerability
The software fails to properly sanitize the model_name parameter, allowing an unauthenticated attacker to manipulate path routing and load arbitrary Hugging Face models with trust_remote_code=True enabled. This results in the execution of attacker-supplied code within the context of the OpenMed service process.
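The class of flaw described above, seen from the defensive side in an added example (not OpenMed's code and not its 1.5.2 patch): a loader-side check that resolves a caller-supplied model_name only through a fixed allowlist and always passes trust_remote_code=False. The repository names, pinned revisions, and the resolve_model and check_requests helpers are hypothetical; the returned keyword names are the Hugging Face from_pretrained parameters.

```python
import re

# Hypothetical allowlist (constructed values): repo id -> pinned commit revision.
ALLOWED_MODELS = {
    "example-org/pii-filter-base": "0" * 40,
    "example-org/pii-filter-large": "1" * 40,
}

# Shape check for "<namespace>/<repo>" only: no filesystem paths, URLs or extra segments.
_REPO_ID = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,95}/[A-Za-z0-9][A-Za-z0-9._-]{0,95}")


class ModelNotAllowed(ValueError):
    """Raised when a requested model is not on the allowlist."""


def resolve_model(model_name):
    """Map an untrusted model_name to safe from_pretrained keyword arguments."""
    if not isinstance(model_name, str) or not _REPO_ID.fullmatch(model_name):
        raise ModelNotAllowed("malformed model identifier")
    revision = ALLOWED_MODELS.get(model_name)  # exact match, no prefix or fuzzy lookup
    if revision is None:
        raise ModelNotAllowed("model is not on the allowlist")
    return {
        "pretrained_model_name_or_path": model_name,
        "revision": revision,        # pin so a later repo change is not picked up
        "trust_remote_code": False,  # never run Python shipped inside the model repo
    }


def check_requests(names):
    """Return (name, 'allow' | 'deny: reason') for each requested name."""
    results = []
    for name in names:
        try:
            resolve_model(name)
            results.append((name, "allow"))
        except ModelNotAllowed as exc:
            results.append((name, "deny: %s" % exc))
    return results


if __name__ == "__main__":
    # Constructed sample requests.
    for row in check_requests(["example-org/pii-filter-base", "other-org/unknown-model", "../models/local"]):
        print(row)
```

The deny reasons returned by check_requests are also the events worth logging for the monitoring step under Remediation.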
Business impact
Successful exploitation of this vulnerability permits full remote code execution, which can lead to complete system takeover, unauthorized access to sensitive PII data, and significant operational disruption. With a CVSS score of 9.8, this flaw represents a critical risk to organizational data integrity and infrastructure stability.
Remediation
Immediate Action: Upgrade all instances of OpenMed to version 1.5.2 or later to patch the vulnerable model loading path.
Proactive Monitoring: Monitor service logs for unusual model loading requests or unexpected outbound network connections from the OpenMed service process.
Compensating Controls: Implement strict network egress filtering to prevent the service from communicating with unauthorized or untrusted model repositories.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the critical severity of this remote code execution vulnerability, immediate patching is required. Organizations should prioritize updating to version 1.5.2 to eliminate the risk of unauthenticated code execution.