Skip to content
Critical Published: Dec 15, 2025

CVE-2025-65213

9.8 CVSS Score Critical
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Export CVE-2025-65213 Data:
Share:
Link copied!

Description

MooreThreads torch_musa through all versions contains an unsafe deserialization vulnerability in torch_musa.utils.compare_tool. The compare_for_single_op() and nan_inf_track_for_single_op() functions use pickle.load() on user-controlled file paths without validation, allowing arbitrary code execution. An attacker can craft a malicious pickle file that executes arbitrary Python code when loaded, enabling remote code execution with the privileges of the victim process.

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Weaknesses (CWE)

  • CWE-502

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

Related Vulnerabilities

CVE-2003-0791 CVSS 9.8 Same weakness: CWE-502 CVE-2007-1701 CVSS 0 Same weakness: CWE-502 CVE-2010-3258 CVSS 0 Same weakness: CWE-502 CVE-2010-4574 CVSS 0 Same weakness: CWE-502 CVE-2011-2520 CVSS 7.8 Same weakness: CWE-502

CVE History Timeline

Dec 15, 2025 19:16 New CVE Received
Dec 15, 2025 19:16 CVE Modified
← Back to CVE Tracker