
Model Serialization (e00f1c63-f2e5-5e37-bac9-b071965df2a1)

Models are serialized for storage, sharing, and deployment, using formats such as pickle, joblib, ONNX, or TensorFlow SavedModel, and the resulting artifacts are then transferred between systems. This hand-off is the stage exposed to model serialization attacks: several of these formats, pickle and everything built on it in particular (joblib, the PyTorch checkpoints loaded by torch.load()), can embed executable code or unsafe object structures that are run or reconstructed at load time.

If an attacker tampers with a serialized model artifact and it is later deserialized without validation, they may achieve:

* Remote Code Execution (RCE) during deserialization.
* Privilege escalation or lateral movement inside the deployment environment.
* Tampering with model behavior (e.g., inserting a backdoor or triggering silent failures).

These risks are especially severe when models are downloaded from untrusted sources, integrated via ML pipelines, or auto-loaded during CI/CD processes.

Threat-modeling question: Could unsafe deserialization of model artifacts lead to code execution or system compromise?
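The pickle behaviour described above, and the validation the entry calls for, shown side by side as an added example (this is not code from the PLOT4ai entry or from any tool in the relationship table). The names ToyModel, MaliciousArtifact, RestrictedUnpickler, unsafe_load, safe_load and verify_and_load are this example's own, and both artifacts are constructed inside the block; os.getenv stands in for the os.system call a real payload would carry.

```python
"""Unsafe vs. restricted deserialization of a pickled model artifact."""
import hashlib
import hmac
import io
import os
import pickle


class ToyModel:
    # Stand-in for a trained model object (constructed for this example).
    def __init__(self, weights):
        self.weights = weights


class MaliciousArtifact:
    # Any object may define __reduce__; pickle records the callable and its
    # arguments and *calls* them when the blob is loaded. os.getenv is a
    # harmless stand-in for what an attacker would really use: os.system.
    def __reduce__(self):
        return (os.getenv, ("PATH",))


# Constructed artifacts: a genuine checkpoint and a tampered one.
GOOD_BLOB = pickle.dumps(ToyModel([0.1, 0.2, 0.3]))
EVIL_BLOB = pickle.dumps(MaliciousArtifact())
# Digest of the genuine artifact, as it would be pinned in a trusted manifest.
GOOD_SHA256 = hashlib.sha256(GOOD_BLOB).hexdigest()


def unsafe_load(blob: bytes):
    """The vulnerable pattern: pickle.loads (or torch.load) on an untrusted artifact.
    Loading EVIL_BLOB this way executes os.getenv("PATH") and returns its result
    instead of a model; no error is raised."""
    return pickle.loads(blob)


# Allowlist of (module, name) globals the loader may resolve. Everything else,
# including os.system, subprocess.Popen and builtins.eval, is refused.
ALLOWED_GLOBALS = {
    (ToyModel.__module__, "ToyModel"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened form: every global lookup goes through find_class, so an
    allowlist there blocks arbitrary callables before they are resolved."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def safe_load(blob: bytes):
    """Deserialize with the allowlisting unpickler."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def is_rejected(blob: bytes) -> bool:
    """True if the restricted loader refuses the artifact."""
    try:
        safe_load(blob)
    except pickle.UnpicklingError:
        return True
    return False


def verify_and_load(blob: bytes, expected_sha256: str):
    """Check integrity against a pinned digest *before* any byte reaches pickle."""
    digest = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(digest, expected_sha256):
        raise ValueError("artifact digest mismatch; refusing to deserialize")
    return safe_load(blob)


def tamper_detected(blob: bytes, expected_sha256: str) -> bool:
    """True if the integrity check rejects the artifact."""
    try:
        verify_and_load(blob, expected_sha256)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe_load(EVIL_BLOB) returned:", type(unsafe_load(EVIL_BLOB)).__name__)
    print("safe_load rejects EVIL_BLOB:", is_rejected(EVIL_BLOB))
    print("safe_load(GOOD_BLOB).weights:", safe_load(GOOD_BLOB).weights)
    print("digest check catches swapped artifact:", tamper_detected(EVIL_BLOB, GOOD_SHA256))
```

Two caveats apply in practice. The allowlist only controls which globals pickle may resolve; it must be kept to the exact classes a checkpoint needs, and a model whose checkpoint legitimately references arbitrary callables cannot be made safe this way. The digest check is only as good as the channel the expected digest arrives through: a hash published next to the artifact on the same download server is replaced by the same attacker who replaces the artifact.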

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| ModelCache torch.load() Deserialization RCE (CVE-2025-45146) - ATR-2026-00433 (9da06101-b9e9-5d87-9a2a-1227b3c0add6) | Agent Threat Rules | Model Serialization (e00f1c63-f2e5-5e37-bac9-b071965df2a1) | PLOT4ai | 1 |
| ModelCache torch.load() Deserialization RCE (CVE-2025-45146) - ATR-2026-00433 (9da06101-b9e9-5d87-9a2a-1227b3c0add6) | Agent Threat Rules | Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) | Attack Pattern | 2 |
| ModelCache torch.load() Deserialization RCE (CVE-2025-45146) - ATR-2026-00433 (9da06101-b9e9-5d87-9a2a-1227b3c0add6) | Agent Threat Rules | ML Supply Chain Compromise (d2cf31e0-a550-4fe0-8fdb-8941b3ac00d9) | MITRE ATLAS Attack Pattern | 2 |
| ModelCache torch.load() Deserialization RCE (CVE-2025-45146) - ATR-2026-00433 (9da06101-b9e9-5d87-9a2a-1227b3c0add6) | Agent Threat Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
| ModelCache torch.load() Deserialization RCE (CVE-2025-45146) - ATR-2026-00433 (9da06101-b9e9-5d87-9a2a-1227b3c0add6) | Agent Threat Rules | Backdoor ML Model (c704a49c-abf0-4258-9919-a862b1865469) | MITRE ATLAS Attack Pattern | 2 |
| Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) | Attack Pattern | Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) | Attack Pattern | 3 |