Three open-source AI/ML Python libraries by Apple, Salesforce, and NVIDIA have vulnerabilities allowing remote code execution (RCE) via malicious metadata in models. Specifically:
- NeMo – NVIDIA's PyTorch framework for diverse AI/ML model development
- Uni2TS – Salesforce's library for time series analysis
- FlexTok – Apple's framework for image processing
The vulnerabilities leverages hydra.utils.instantiate() to execute arbitrary code embedded in model metadata. None have been exploited in the wild as of December 2025. Fixes were issued swiftly by the vendors, with severity ratings classified as High. Modifications in their libraries have improved security against these issues, emphasizing the importance of ongoing vigilance in AI/ML model handling.
https://unit42.paloaltonetworks.com/rce-vulnerabilities-in-ai-python-libraries/

