Industry News · Tags: hydra, rce, safetensors, huggingface

Libraries Expose Hydra Instantiate Remote Code Execution

By LDS Team

Relevance Score: 8.9
Palo Alto Networks' Unit 42 disclosed vulnerabilities in three popular AI/ML Python libraries—Nvidia's NeMo, Salesforce's Uni2TS, and FlexTok from Apple and EPFL's VILAB—that allow remote code execution when hydra.utils.instantiate() processes malicious model metadata shipped with Hugging Face models. Maintainers have released fixes and advisories (including CVE-2025-23304 and CVE-2026-22584), and the issue raises concerns about a large attack surface across roughly 50 Hydra-using libraries on Hugging Face.

Key Points

  1. Expose Hydra instantiate RCE via malicious model metadata in NeMo, Uni2TS, and FlexTok
  2. Allow attackers to invoke built-in callables (eval, os.system), enabling arbitrary remote code execution
  3. Force practitioners to sanitize metadata, implement allow-lists, and avoid loading untrusted Hugging Face models
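
As an added example (not Unit 42's code and not from any of the affected projects), the allow-list mitigation from the last key point: a fail-closed gate that walks a parsed config for every `_target_` key and refuses to hand it to hydra.utils.instantiate() unless each target lies under an approved module prefix. The module prefixes and the sample configs are constructed assumptions.

```python
"""Allow-list gate for Hydra `_target_` values before hydra.utils.instantiate().

Hydra instantiates whatever dotted path appears under `_target_` (nested
`_target_` keys are resolved recursively), so a config parsed from untrusted
model metadata must be vetted first. Everything not explicitly allowed,
including builtins such as `eval` and `os.system`, is rejected.
"""
from typing import Any, Iterator, Sequence

TARGET_KEY = "_target_"


def iter_targets(node: Any, path: str = "") -> Iterator[tuple[str, Any]]:
    """Yield (config path, target value) for every `_target_` in a nested config."""
    if isinstance(node, dict):
        if TARGET_KEY in node:
            yield (path or "<root>", node[TARGET_KEY])
        for key, value in node.items():
            yield from iter_targets(value, f"{path}.{key}" if path else str(key))
    elif isinstance(node, (list, tuple)):
        for idx, value in enumerate(node):
            yield from iter_targets(value, f"{path}[{idx}]")


def _allowed(target: str, prefixes: Sequence[str]) -> bool:
    # Match on whole module components so "nemo_evil.x" does not pass for "nemo".
    return any(target == p or target.startswith(p.rstrip(".") + ".") for p in prefixes)


def find_disallowed_targets(cfg: Any, allowed_prefixes: Sequence[str]) -> list[str]:
    """Return one reason per `_target_` that fails the allow-list (empty list = clean)."""
    problems = []
    for path, target in iter_targets(cfg):
        if not isinstance(target, str):
            problems.append(f"{path}: non-string _target_ {target!r}")
        elif not _allowed(target, allowed_prefixes):
            problems.append(f"{path}: _target_ {target!r} not in allow-list")
    return problems


def safe_instantiate(cfg: Any, allowed_prefixes: Sequence[str]) -> Any:
    """Fail closed: only call hydra.utils.instantiate() once every target is vetted."""
    problems = find_disallowed_targets(cfg, allowed_prefixes)
    if problems:
        raise ValueError("refusing to instantiate untrusted config:\n" + "\n".join(problems))
    from hydra.utils import instantiate  # imported lazily so the check itself needs no hydra-core
    return instantiate(cfg)
```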

Scoring Rationale

High practical impact and official fixes drive score; limited evidence of in-the-wild exploitation slightly tempers urgency.
