Meta

Cybersecurity researchers at Oligo Security discovered a series of critical **Remote Code Execution (RCE) vulnerabilities** in Meta’s AI inference server frameworks, stemming from insecure coding practices. The flaws originated from the unsafe use of **ZeroMQ (ZMQ)** and **Python’s pickle deserialization**, which were unknowingly propagated across multiple projects—including Meta’s—due to developers copying vulnerable code snippets verbatim between repositories.

The vulnerabilities pose a severe risk, as they allow attackers to execute arbitrary code on AI servers, potentially compromising **sensitive training data, proprietary algorithms, or user interactions** processed by Meta’s AI systems. While no immediate breach or data theft has been confirmed, the exposure of such critical infrastructure could enable large-scale exploitation, including **supply-chain attacks, model poisoning, or unauthorized access to internal AI pipelines**. The systemic nature of the flaw—shared across major tech firms—heightens the risk of cascading security failures if left unpatched. Meta, alongside other affected organizations, is likely scrambling to deploy fixes, but the incident underscores the dangers of **code reuse without security vetting** in AI/ML ecosystems.

Source: https://www.csoonline.com/article/4090061/copy-paste-vulnerability-hit-ai-inference-frameworks-at-meta-nvidia-and-microsoft.html

Meta cybersecurity rating report: https://www.rankiteo.com/company/meta

"id": "MET2632026111425",
"linkid": "meta",
"type": "Vulnerability",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology (AI/ML)',
                        'location': 'Global (HQ: Menlo Park, California, USA)',
                        'name': 'Meta',
                        'size': 'Large',
                        'type': 'Corporation'},
                       {'industry': 'Technology (AI/GPU)',
                        'location': 'Global (HQ: Santa Clara, California, USA)',
                        'name': 'Nvidia',
                        'size': 'Large',
                        'type': 'Corporation'},
                       {'industry': 'Technology (AI/Cloud)',
                        'location': 'Global (HQ: Redmond, Washington, USA)',
                        'name': 'Microsoft',
                        'size': 'Large',
                        'type': 'Corporation'},
                       {'industry': 'AI/ML',
                        'location': 'Global',
                        'name': 'vLLM',
                        'type': 'Open-Source Project'},
                       {'industry': 'AI/ML',
                        'location': 'Global',
                        'name': 'SGLang',
                        'type': 'Open-Source Project'}],
 'attack_vector': ['Unsafe deserialization (Python pickle)',
                   'ZeroMQ (ZMQ) misuse'],
 'description': 'Cybersecurity researchers at Oligo Security uncovered a chain '
                'of critical remote code execution (RCE) vulnerabilities in '
                'major AI inference server frameworks, including those from '
                'Meta, Nvidia, Microsoft, and open-source projects such as '
                'vLLM and SGLang. The vulnerabilities propagated due to '
                'developers copying insecure code patterns across projects, '
                'transplanting the same flaw into multiple ecosystems. The '
                'root cause was traced to the unsafe use of ZeroMQ (ZMQ) and '
                'Python’s pickle deserialization, with code files copied '
                'line-for-line between repositories, spreading dangerous '
                'patterns.',
 'impact': {'brand_reputation_impact': 'High (due to widespread vulnerability '
                                       'in critical AI frameworks)',
            'operational_impact': 'Potential unauthorized code execution on AI '
                                  'infrastructure',
            'systems_affected': ['AI inference servers (Meta, Nvidia, '
                                 'Microsoft, vLLM, SGLang)']},
 'initial_access_broker': {'high_value_targets': ['AI inference servers']},
 'investigation_status': 'Ongoing (vulnerabilities disclosed, patches likely '
                         'in development)',
 'lessons_learned': 'Code reuse without security review can propagate '
                    'vulnerabilities across ecosystems. Critical '
                    'infrastructure (e.g., AI frameworks) requires stricter '
                    'scrutiny of third-party dependencies and serialization '
                    'practices.',
 'post_incident_analysis': {'root_causes': ['Unsafe use of ZeroMQ (ZMQ) in AI '
                                            'frameworks',
                                            'Python pickle deserialization '
                                            'vulnerabilities',
                                            'Code copying between projects '
                                            'without security validation']},
 'recommendations': ['Avoid unsafe deserialization (e.g., Python pickle) in '
                     'production systems.',
                     'Audit copied code for security flaws before integration.',
                     'Implement secure alternatives to ZeroMQ or enforce '
                     'strict input validation.',
                     'Conduct regular security reviews of AI/ML infrastructure '
                     'dependencies.'],
 'references': [{'source': 'Oligo Security Research'}],
 'response': {'third_party_assistance': ['Oligo Security '
                                         '(research/disclosure)']},
 'title': 'Critical Remote Code Execution (RCE) Vulnerabilities in AI '
          'Inference Server Frameworks',
 'type': ['Vulnerability', 'Remote Code Execution (RCE)'],
 'vulnerability_exploited': ['CVE pending (ZeroMQ unsafe usage)',
                             'CVE pending (Python pickle deserialization)']}