Palo Alto Networks' Unit 42 disclosed vulnerabilities in three popular AI/ML Python libraries, Nvidia's NeMo, Salesforce's Uni2TS, and FlexTok (Apple / EPFL VILAB), that allow remote code execution when hydra.utils.instantiate() processes attacker-controlled model metadata shipped with a Hugging Face model. Maintainers have released fixes and advisories (including CVE-2025-23304 and CVE-2026-22584). The issue raises concerns about a much larger attack surface: roughly 50 Hydra-using libraries on Hugging Face follow the same loading pattern.
Key Points
- Malicious model metadata fed to Hydra's instantiate() yields remote code execution in NeMo, Uni2TS, and FlexTok
- Because the `_target_` field names any importable callable, an attacker can point it at built-ins such as eval or os.system and run arbitrary code on the machine that loads the model
- Practitioners should sanitize metadata before instantiation, enforce an allow-list of permitted targets, and avoid loading untrusted Hugging Face models
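The following is an added example written for this page; it is not code from Unit 42, Hydra, or any of the affected libraries. It shows why the pattern is dangerous and what the allow-list mitigation looks like. `naive_instantiate` is a deliberately simplified stand-in for `hydra.utils.instantiate()` that reproduces only the relevant subset of its behaviour (resolve the dotted `_target_` path, recurse into nested nodes, call with `_args_` and remaining keys as keyword arguments). The two configs and the `ALLOWED_TARGETS` set are constructed for illustration; a real loader would list its own model and tokenizer classes instead. The malicious payload uses `builtins.eval` on a harmless expression so the block runs safely offline, but the same field could name `os.system`.

```python
import importlib
from typing import Any, Iterator

# Constructed sample metadata, modelled on a config a Hugging Face model loader
# hands to hydra.utils.instantiate(). The nested "tokenizer" node is the
# malicious part: its _target_ names a built-in instead of a model class.
MALICIOUS_CONFIG = {
    "_target_": "collections.OrderedDict",
    "tokenizer": {"_target_": "builtins.eval", "_args_": ["6 * 7"]},
}

# Constructed benign metadata with the same shape.
BENIGN_CONFIG = {
    "_target_": "collections.OrderedDict",
    "tokenizer": {"_target_": "collections.Counter", "_args_": ["abca"]},
}

# Assumed allow-list of import paths the loader may instantiate. Everything
# else (builtins, os, subprocess, importlib, ...) is refused up front.
ALLOWED_TARGETS = frozenset({"collections.OrderedDict", "collections.Counter"})


def iter_targets(node: Any) -> Iterator[str]:
    """Yield every _target_ string anywhere in a config tree (dicts and lists)."""
    if isinstance(node, dict):
        if "_target_" in node:
            yield str(node["_target_"])
        for value in node.values():
            yield from iter_targets(value)
    elif isinstance(node, (list, tuple)):
        for value in node:
            yield from iter_targets(value)


def validate_targets(cfg: Any, allowed=ALLOWED_TARGETS) -> list:
    """Return the sorted list of disallowed targets; an empty list means OK."""
    return sorted({t for t in iter_targets(cfg) if t not in allowed})


def naive_instantiate(cfg: Any) -> Any:
    """Simplified stand-in for hydra.utils.instantiate(): no validation at all.

    Any dotted path in _target_ is imported and called, which is exactly the
    behaviour the vulnerable loaders relied on.
    """
    if isinstance(cfg, dict) and "_target_" in cfg:
        module_name, _, attr = str(cfg["_target_"]).rpartition(".")
        target = getattr(importlib.import_module(module_name), attr)
        args = [naive_instantiate(a) for a in cfg.get("_args_", [])]
        kwargs = {
            k: naive_instantiate(v)
            for k, v in cfg.items()
            if k not in ("_target_", "_args_")
        }
        return target(*args, **kwargs)
    if isinstance(cfg, list):
        return [naive_instantiate(v) for v in cfg]
    return cfg


def safe_instantiate(cfg: Any, allowed=ALLOWED_TARGETS) -> Any:
    """Hardened loader: walk the whole tree first, refuse unknown targets,
    and only then hand the config to the instantiation routine."""
    bad = validate_targets(cfg, allowed)
    if bad:
        raise ValueError(f"refusing to instantiate disallowed targets: {bad}")
    return naive_instantiate(cfg)


if __name__ == "__main__":
    # Unvalidated path: the nested eval runs and returns 42.
    print(naive_instantiate(MALICIOUS_CONFIG))
    # Validated path: the benign config loads, the malicious one is rejected.
    print(safe_instantiate(BENIGN_CONFIG))
    try:
        safe_instantiate(MALICIOUS_CONFIG)
    except ValueError as exc:
        print(exc)
```

The check walks the entire tree rather than only the top-level node, because Hydra instantiates nested `_target_` nodes recursively by default, so a payload buried several levels deep is executed just the same. Matching is on the exact import path; a loose check such as "contains the word Model" would still let `os.system` through under an aliased key, and even an allowed class is only as safe as its own constructor.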
Scoring Rationale
High practical impact and official fixes drive score; limited evidence of in-the-wild exploitation slightly tempers urgency.