Impact
The vulnerability is a code injection flaw (CWE-95) in the training script of the flash-attention project. The script registers the Python built-in eval() as a Hydra configuration resolver named eval, which makes the ${eval:...} interpolation syntax available in configuration files. When such a file is processed, the eval resolver executes whatever Python expression the interpolation contains. An attacker who can supply or modify a configuration file can therefore run arbitrary Python code during training and compromise the system that runs the training script. This analysis is based strictly on the published description and assumes no impact beyond the injection it describes.
Affected Systems
Affected components are the flash-attention project and its training scripts that register the eval resolver. Any environment in which the training script is run against user-supplied configuration files is exposed. Specific product names and versions are not listed, but the commit reference e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025‑13‑04) identifies the state of the code at the time of disclosure. Users running older, unpatched copies of the project for training or experimentation should consider themselves potentially vulnerable.
Risk and Exploitability
The EPSS score is below 1%, and the vulnerability is not listed in the CISA KEV catalog, so publicly known exploitation activity is very low so far. The CVE description nonetheless implies arbitrary code execution: whenever an attacker can supply a malicious configuration file, the flaw can be exercised. The CVSS score is 7.3, which falls in the High severity band. The likely attack vector is a local or privileged attacker who can provide or modify configuration files that the training script then processes. No further public exploitation information is available to date.
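The resolver pattern the description identifies, and a defender's response to it, as an added example that is not code from the flash-attention project or the CVE record: a restricted arithmetic evaluator that can be registered under the same eval name in place of Python's eval() (OmegaConf.register_new_resolver and its replace argument are OmegaConf's public API; the function names and the sample configuration below are my own, constructed for this illustration), together with a scan that lists every ${eval:...} interpolation in a configuration file so it can be reviewed before the training script processes it.

```python
import ast
import operator
import re

# Operators the restricted resolver accepts; names, attributes, calls and subscripts are never evaluated.
_BIN = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
        ast.Div: operator.truediv, ast.FloorDiv: operator.floordiv,
        ast.Mod: operator.mod, ast.Pow: operator.pow}

def safe_eval(expr: str):
    """Evaluate an arithmetic config expression without calling eval()."""
    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN:
            return _BIN[type(node.op)](walk(node.left), walk(node.right))
        raise ValueError(f"disallowed {type(node).__name__} in {expr!r}")
    return walk(ast.parse(expr, mode="eval"))

def is_safe_expression(expr: str) -> bool:
    """True when safe_eval accepts the expression, False when it rejects it."""
    try:
        safe_eval(expr)
        return True
    except (ValueError, SyntaxError):
        return False

def register_safe_resolver():
    """Register safe_eval as the `eval` resolver in place of Python's eval()."""
    try:
        from omegaconf import OmegaConf  # optional: the rest of the demo runs without it
    except ImportError:
        return False
    OmegaConf.register_new_resolver("eval", safe_eval, replace=True)
    return True

# Detection: list every ${eval:...} interpolation in a config text for review.
_EVAL_INTERP = re.compile(r"\$\{eval:([^}]*)\}")

def find_eval_interpolations(config_text: str):
    """Return (line_number, expression) for each ${eval:...} occurrence."""
    return [(n, m.group(1).strip())
            for n, line in enumerate(config_text.splitlines(), 1)
            for m in _EVAL_INTERP.finditer(line)]

# Constructed sample config (not from the project): one legitimate arithmetic use and one call the resolver rejects.
SAMPLE_CONFIG = "model:\n  d_model: 1024\n  d_inner: ${eval:4 * 1024}\ntrainer:\n  max_steps: ${eval:len([1, 2, 3])}\n"
```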
OpenCVE Enrichment