CVE-2025-65213
Unsafe Deserialization in MooreThreads torch_musa Enables RCE
Publication date: 2025-12-15
Last updated on: 2025-12-15
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moorethreads | torch_musa | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unsafe deserialization issue (CWE-502) in the MooreThreads torch_musa library, specifically in the torch_musa.utils.compare_tool module. Two functions, compare_for_single_op and nan_inf_track_for_single_op, call Python's pickle.load() on files whose paths are user-controlled, with no validation of the file's origin or contents. Pickle is not a data format but a small stack machine: during deserialization it imports whatever module and callable an object's __reduce__() method names and calls it with attacker-chosen arguments. An attacker who can supply or replace one of these comparison files can therefore run arbitrary Python code or system commands with the privileges of the victim process as soon as the file is loaded, which is why the issue is classified as remote code execution. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary code on the affected system with the same privileges as the process running the torch_musa library. This means the attacker could run malicious commands, potentially leading to full system compromise, data theft, data corruption, or disruption of services. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The presence of the vulnerable code is easier to confirm than exploitation itself. Check whether the package is installed with `pip show torch_musa`, then locate the affected module and look for the unguarded call, for example `python -c "import torch_musa.utils.compare_tool as m; print(m.__file__)"` followed by `grep -n "pickle.load" <that file>`; on a host without the MUSA runtime, where the import may fail, `find $(python -c "import site; print(site.getsitepackages()[0])") -path '*torch_musa/utils/compare_tool*'` locates the file instead. Any code path that passes a path taken from a CLI argument, configuration file or network request into compare_for_single_op() or nan_inf_track_for_single_op() is exposed. The public proof of concept writes marker files such as /tmp/pwned.txt or /POC_RCE_PROOF.txt, so `ls -l /tmp/pwned.txt /POC_RCE_PROOF.txt` will catch someone who ran that PoC unchanged, but a real attacker will not leave those files behind, so their absence is not evidence that the system is clean. Better signals are Python processes that have torch_musa loaded spawning shells or other unexpected child processes, and comparison dump files that did not come from your own pipeline being read by the compare_tool module. [1]
What immediate steps should I take to mitigate this vulnerability?
Treat every pickle file as executable code: the only safe input to these functions is a file your own pipeline produced and that has not been exposed to anyone else. Until a patch is applied, disable or restrict the use of compare_for_single_op() and nan_inf_track_for_single_op(), never pass user-controlled file paths to them, and verify the integrity of any dump you do load (for example by recording and checking its hash). The affected-products table above lists the version range as "*", so consult MooreThreads' release notes for a fixed version and apply it as soon as it is available. If the tool must stay in use in the meantime, replace the bare pickle.load() with an Unpickler whose find_class() rejects every global outside a short allowlist of the types the comparison records actually need, or switch the records to a non-executable format such as JSON. Run the affected processes with the minimum privileges they need so that a successful exploit is contained. [1]
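The following is an added example, not code from torch_musa or MooreThreads, that ties the explanation and mitigation answers above together. It shows how a `__reduce__()` method turns `pickle.load()` into a function call (with a harmless `eval("7 * 6")` standing in for `os.system(...)`), how to list the globals a pickle would import without loading it, and a restricted Unpickler that only resolves an allowlisted set of names. The `Payload` class, the record layout in `build_benign_dump()` and the allowlist in `_SAFE_GLOBALS` are constructed for illustration; the real compare_tool record format is not known here.

```python
"""CWE-502 via pickle.__reduce__, with two defences (constructed example, not torch_musa code)."""
import importlib
import io
import pickle
import pickletools


class Payload:
    """Object whose pickled form makes pickle.load() call a callable of our choosing.

    __reduce__ returns (callable, args); the unpickler performs callable(*args).
    eval("7 * 6") is a deliberately harmless stand-in for os.system(...).
    """

    def __reduce__(self):
        return (eval, ("7 * 6",))


def build_malicious_pickle(protocol: int = 4) -> bytes:
    """Serialize Payload; the resulting bytes reference builtins.eval."""
    return pickle.dumps(Payload(), protocol=protocol)


def build_benign_dump() -> bytes:
    """Constructed stand-in for a per-op comparison record: plain data only."""
    return pickle.dumps({"op": "conv2d", "max_abs_diff": 0.0, "has_nan": False}, protocol=4)


def unsafe_loads(data: bytes):
    """What a bare pickle.load() on an untrusted file does: runs the payload."""
    return pickle.loads(data)


def referenced_globals(data: bytes) -> list:
    """Static scan: every module.name the pickle would import, without loading it.

    Handles GLOBAL (protocol <= 3), STACK_GLOBAL (protocol >= 4) and INST.
    Plain data (dicts, lists, numbers, strings, bools) references no globals.
    Heuristic only: STACK_GLOBAL operands re-pushed via BINGET are not tracked,
    so the allowlisting unpickler below remains the real control.
    """
    found = []
    strings = []  # most recent string constants pushed on the pickle stack
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append(f"{module}.{name}")
        elif opcode.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append(f"{strings[-2]}.{strings[-1]}")
        elif opcode.name == "INST":
            found.append(arg.replace(" ", ".", 1))
        if isinstance(arg, str):
            strings.append(arg)
    return found


# Assumed allowlist: the only importable names a comparison record may resolve.
_SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global outside _SAFE_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in _SAFE_GLOBALS:
            return getattr(importlib.import_module(module), name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_compare_dump(data: bytes):
    """Hardened replacement for a bare pickle.load(): scan first, then restricted load."""
    refs = referenced_globals(data)
    if refs:
        raise ValueError(f"refusing pickle that references {refs}")
    return restricted_loads(data)


def is_rejected(data: bytes) -> bool:
    """True if the hardened loader refuses the data."""
    try:
        load_compare_dump(data)
    except (ValueError, pickle.UnpicklingError):
        return True
    return False


if __name__ == "__main__":
    evil = build_malicious_pickle()
    print("bare pickle.loads() ran eval and returned:", unsafe_loads(evil))
    print("globals the file would import:", referenced_globals(evil))
    print("benign record via hardened loader:", load_compare_dump(build_benign_dump()))
    print("malicious file rejected by hardened loader:", is_rejected(evil))
```

The scan is cheap and gives you something to log (which module and name an untrusted file tried to import), but only the `find_class()` allowlist actually stops the call; a loader that relies on scanning alone can be bypassed by operands the heuristic does not follow.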