Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8Blast Radius
ecosystem impact- 1 pypi packages depend on verl (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 0.7.1.
DescriptionCVE.org
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Sandbox bypass in ByteDance verl up to version 0.7.0 allows remote attackers to achieve limited information disclosure through manipulation of the math_equal function in prime_math/grader.py. The vulnerability requires high attack complexity and has been publicly documented with exploit code available, though the vendor has not responded to early disclosure attempts.
Technical ContextAI
The vulnerability exists in the math_equal function within the prime_math/grader.py module of ByteDance verl, a machine learning training framework. The root cause is classified under CWE-265 (Improper Privilege Management / Insecure Direct Object References), indicating insufficient validation or authorization checks in the sandboxed evaluation context. The vulnerability allows circumvention of sandbox protections designed to safely evaluate mathematical expressions, potentially exposing internal state or computation results. The affected versions span from 0.1 through 0.7.0, suggesting the vulnerability has existed since early releases.
RemediationAI
No vendor-released patch has been identified at time of analysis due to the vendor's non-response to disclosure. Users should immediately upgrade to a version newer than 0.7.0 if one becomes available; however, the absence of vendor communication means current deployments cannot rely on an official security release. As compensating controls, restrict network access to verl evaluation endpoints using firewall rules or API gateway authentication to limit remote attack surface, isolate verl services into separate network segments to contain potential information leakage, and disable or restrict access to the math_equal function in prime_math/grader.py if not critical to your use case (document functional impact before disabling). Monitor for unusual access patterns to grader.py or unexpected outputs from mathematical evaluation functions. Consider forking verl and applying a patch that adds input validation to the math_equal function, or switch to alternative machine learning training frameworks with more active security governance if this vulnerability blocks your deployment timeline.
Same weakness CWE-265 – Privilege Issues
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25146
GHSA-h57c-v2v3-5v3v