https://blog.qife122.com/tags/cve-2025-14926/ Recent content in CVE-2025-14926 on 办公AI智能小助手 Hugo zh-cn qife Sun, 28 Dec 2025 11:38:15 +0800 https://blog.qife122.com/p/hugging-face-transformers%E9%AB%98%E5%8D%B1%E4%BB%A3%E7%A0%81%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E8%AF%A6%E8%A7%A3/ Sun, 28 Dec 2025 11:38:15 +0800 https://blog.qife122.com/p/hugging-face-transformers%E9%AB%98%E5%8D%B1%E4%BB%A3%E7%A0%81%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E8%AF%A6%E8%A7%A3/ <h1 id="cve-2025-14926-cwe-94-hugging-face-transformers-中不当控制代码生成代码注入">CVE-2025-14926: CWE-94: Hugging Face Transformers 中不当控制代码生成（&lsquo;代码注入&rsquo;）</h1> <p><strong>严重性</strong>: 高 <strong>类型</strong>: 漏洞</p> <h2 id="漏洞描述">漏洞描述</h2> <p><strong>CVE-2025-14926</strong> Hugging Face Transformers SEW convert_config 代码注入远程代码执行漏洞。此漏洞允许远程攻击者在受影响的Hugging Face Transformers安装上执行任意代码。利用此漏洞需要用户交互，即目标必须转换一个恶意检查点。</p>