Metadata Threatens Integrity of Python Libraries in AI/ML Models


Recent security vulnerabilities in popular Python libraries used for artificial intelligence (AI) and machine learning (ML) pose significant risks for developers relying on these tools in their projects. These vulnerabilities allow remote attackers to insert malicious code into metadata associated with libraries, leading to potential remote code execution (RCE) when files are loaded.

Key Vulnerabilities in Python Libraries

The affected libraries are NeMo, Uni2TS, and FlexTok, developed by notable organizations including Nvidia, Salesforce, and Apple, in collaboration with the Swiss Federal Institute of Technology (EPFL). These libraries rely on Hydra, a widely-used configuration management tool maintained by Meta.

  • NeMo: Created by Nvidia in 2019, NeMo uses file extensions such as .nemo and .qnemo to store model metadata and associated files. Vulnerabilities allow malicious metadata to trigger RCE.
  • Uni2TS: Developed by Salesforce, this library is utilized in various time series analysis models published on Hugging Face, primarily using .safetensors files.
  • FlexTok: This framework, co-developed by Apple and EPFL VILAB, is designed for image processing in AI/ML contexts and also utilizes .safetensors files.

How the Vulnerabilities Work

The primary issue revolves around the hydra.utils.instantiate() function, which inadvertently allows attackers to exploit its capability to execute arbitrary code. Notably, this function can accept names of callable objects and execute them along with provided arguments. Security researchers from Palo Alto Networks’ Unit 42 identified these flaws and reported them for remediation.

Response from Maintainers

In response to the findings, library maintainers issued security warnings and updates. Notably:

  • Nvidia released a fix for NeMo under CVE-2025-23304.
  • Salesforce’s Uni2TS had its vulnerability tracked under CVE-2026-22584, with a fix deployed on July 31, 2026.
  • FlexTok implemented security enhancements using YAML for configuration parsing and defined a whitelist for callable classes in Hydra.
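To make concrete both the mechanism described above (a configuration names a callable in `_target_` and it is resolved and called with the remaining keys as arguments) and the allowlist-style mitigation FlexTok adopted, here is an added example that is not code from the article, from Hydra, or from any of the affected projects. It implements a minimal stand-in for the `_target_` convention with a hard allowlist: anything not on the list is refused before any import or call happens, and `find_targets()` lets a loader audit a metadata document for every target it would resolve. The allowlist entries and the sample configurations are constructed for illustration.

```python
import importlib
from typing import Any, Iterable, Mapping

# Constructed allowlist: fully qualified names of the only callables a loader
# is willing to instantiate from untrusted metadata. In a real project this
# would list the model/tokenizer classes the library itself ships.
ALLOWED_TARGETS = frozenset({
    "fractions.Fraction",
    "collections.OrderedDict",
})

TARGET_KEY = "_target_"  # the Hydra-style key naming the callable to invoke


class UnsafeTargetError(ValueError):
    """Raised when metadata names a callable that is not on the allowlist."""


def find_targets(config: Any) -> set[str]:
    """Collect every _target_ value reachable in a nested config.

    Run this on loaded metadata *before* instantiating anything so the
    whole document can be accepted or rejected up front.
    """
    found: set[str] = set()
    if isinstance(config, Mapping):
        target = config.get(TARGET_KEY)
        if isinstance(target, str):
            found.add(target)
        for value in config.values():
            found |= find_targets(value)
    elif isinstance(config, (list, tuple)):
        for item in config:
            found |= find_targets(item)
    return found


def disallowed_targets(config: Any, allowed: Iterable[str] = ALLOWED_TARGETS) -> set[str]:
    """Return the targets in config that the allowlist does not permit."""
    return find_targets(config) - set(allowed)


def _resolve(path: str):
    """Import module and fetch attribute for a dotted path (called only after the allowlist check)."""
    module_name, _, attr = path.rpartition(".")
    if not module_name or not attr:
        raise UnsafeTargetError(f"malformed target {path!r}")
    return getattr(importlib.import_module(module_name), attr)


def safe_instantiate(config: Any, allowed: Iterable[str] = ALLOWED_TARGETS) -> Any:
    """Recursively build objects from a _target_ config, refusing unlisted callables.

    Unlike an unrestricted instantiate(), the allowlist check happens before
    the module is imported, so a rejected target never executes anything.
    """
    allowed = set(allowed)
    if isinstance(config, (list, tuple)):
        return [safe_instantiate(item, allowed) for item in config]
    if not isinstance(config, Mapping):
        return config  # plain scalar, nothing to build

    target = config.get(TARGET_KEY)
    kwargs = {k: safe_instantiate(v, allowed) for k, v in config.items() if k != TARGET_KEY}
    if target is None:
        return kwargs  # an ordinary mapping, not an object spec
    if not isinstance(target, str) or target not in allowed:
        raise UnsafeTargetError(f"target {target!r} is not on the allowlist")
    return _resolve(target)(**kwargs)


# Constructed sample metadata: a nested spec using only allowlisted targets.
SAMPLE_OK = {
    TARGET_KEY: "fractions.Fraction",
    "numerator": {TARGET_KEY: "fractions.Fraction", "numerator": 6, "denominator": 8},
}

# Constructed sample metadata naming a callable that is *not* allowlisted.
SAMPLE_REJECTED = {TARGET_KEY: "math.sqrt", "x": 16}


if __name__ == "__main__":
    print("targets in SAMPLE_OK:", find_targets(SAMPLE_OK))
    print("built:", safe_instantiate(SAMPLE_OK))
    print("disallowed in SAMPLE_REJECTED:", disallowed_targets(SAMPLE_REJECTED))
    try:
        safe_instantiate(SAMPLE_REJECTED)
    except UnsafeTargetError as exc:
        print("refused:", exc)
```

The important design choice is ordering: the allowlist is consulted before `importlib.import_module()` runs, because importing a module is itself code execution. A loader that checks `disallowed_targets()` on the whole document first, and only then calls `safe_instantiate()`, never resolves a name it has not already decided to trust.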

Potential Risks

Despite the updates, the researchers indicate that there remains a considerable risk due to the accessibility of metadata in Hugging Face models. With over 100 Python libraries in use and approximately 50 relying on Hydra, the threat of exploitation persists, especially as Hugging Face does not adequately flag unsafe metadata files.

As a preventative measure, it’s crucial for developers to ensure they’re using trusted sources when loading models, and to remain vigilant regarding updates from library maintainers.

This situation highlights the ongoing need for robust security practices in AI and ML development to safeguard against potential misuse of powerful technologies.
