CVE-2025-65213
Unknown Unknown - Not Provided

Unsafe Deserialization in MooreThreads torch_musa Enables RCE

Vulnerability report for CVE-2025-65213, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-15

Last updated on: 2025-12-15

Assigner: MITRE

Description

MooreThreads torch_musa through all versions contains an unsafe deserialization vulnerability in torch_musa.utils.compare_tool. The compare_for_single_op() and nan_inf_track_for_single_op() functions use pickle.load() on user-controlled file paths without validation, allowing arbitrary code execution. An attacker can craft a malicious pickle file that executes arbitrary Python code when loaded, enabling remote code execution with the privileges of the victim process.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-15
Last Modified
2025-12-15
Generated
2026-07-06
AI Q&A
2025-12-15
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
moorethreads torch_musa *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an unsafe deserialization issue in the MooreThreads torch_musa library, specifically in the torch_musa.utils.compare_tool module. Two functions, compare_for_single_op and nan_inf_track_for_single_op, use Python's pickle.load() to deserialize data from user-controlled file paths without any validation. Because pickle can execute arbitrary code during deserialization via the __reduce__() method, an attacker can craft a malicious pickle file that executes arbitrary Python code or system commands with the privileges of the victim process when loaded. This leads to remote code execution. [1]

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code on the affected system with the same privileges as the process running the torch_musa library. This means the attacker could run malicious commands, potentially leading to full system compromise, data theft, data corruption, or disruption of services. [1]

Detection Guidance

This vulnerability can be detected by checking for the presence of malicious pickle files being loaded by the torch_musa.utils.compare_tool module, specifically through the functions compare_for_single_op() and nan_inf_track_for_single_op(). One practical detection method is to look for the creation of marker files such as /tmp/pwned.txt or /POC_RCE_PROOF.txt, which are used in exploit proofs. You can use commands like `ls /tmp/pwned.txt` or `ls /POC_RCE_PROOF.txt` to check for these files. Additionally, monitoring for unexpected file accesses or executions involving pickle files in the torch_musa environment may help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include preventing the loading of untrusted pickle files in the torch_musa.utils.compare_tool module. This can be done by disabling or restricting the use of compare_for_single_op() and nan_inf_track_for_single_op() functions until a patch is applied. Avoid passing user-controlled file paths to these functions. Applying any available patches or updates from MooreThreads that fix the unsafe deserialization vulnerability is critical. As a temporary measure, monitor and restrict file inputs to these functions and consider running the affected processes with minimal privileges to limit potential damage from exploitation. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65213. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart