CVE-2025-65213
Unsafe Deserialization in MooreThreads torch_musa Enables RCE

Publication date: 2025-12-15

Last updated on: 2025-12-15

Assigner: MITRE

Description
MooreThreads torch_musa through all versions contains an unsafe deserialization vulnerability in torch_musa.utils.compare_tool. The compare_for_single_op() and nan_inf_track_for_single_op() functions use pickle.load() on user-controlled file paths without validation, allowing arbitrary code execution. An attacker can craft a malicious pickle file that executes arbitrary Python code when loaded, enabling remote code execution with the privileges of the victim process.
Meta Information
Published: 2025-12-15
Last Modified: 2025-12-15
Generated: 2026-06-16
AI Q&A: 2025-12-15
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor: moorethreads
Product: torch_musa
Version / Range: *
CWE
CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Executive Summary

This vulnerability is an unsafe deserialization issue in the MooreThreads torch_musa library, specifically in the torch_musa.utils.compare_tool module. Two functions, compare_for_single_op and nan_inf_track_for_single_op, use Python's pickle.load() to deserialize data from user-controlled file paths without any validation. Because pickle can execute arbitrary code during deserialization via the __reduce__() method, an attacker can craft a malicious pickle file that executes arbitrary Python code or system commands with the privileges of the victim process when loaded. This leads to remote code execution. [1]

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code on the affected system with the same privileges as the process running the torch_musa library. This means the attacker could run malicious commands, potentially leading to full system compromise, data theft, data corruption, or disruption of services. [1]

Detection Guidance

Exploitation of this vulnerability can be detected by watching for pickle files loaded through the torch_musa.utils.compare_tool module, specifically via compare_for_single_op() and nan_inf_track_for_single_op(). One practical check is to look for marker files such as /tmp/pwned.txt or /POC_RCE_PROOF.txt, which the published exploit proofs create; commands like `ls /tmp/pwned.txt` or `ls /POC_RCE_PROOF.txt` reveal whether they exist. Because such markers only catch the proof-of-concept payloads, also monitor for unexpected file accesses or process executions associated with pickle files in the torch_musa environment. [1]

Mitigation Strategies

Immediate mitigation consists of preventing the torch_musa.utils.compare_tool module from loading untrusted pickle files. Until a patch is applied, disable or restrict the compare_for_single_op() and nan_inf_track_for_single_op() functions and never pass user-controlled file paths to them. Applying any patches or updates from MooreThreads that fix the unsafe deserialization is critical. As a temporary measure, monitor and restrict the file inputs to these functions and run the affected processes with minimal privileges to limit the damage an exploit could do. [1]
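A hardened loader illustrating the mitigation above, added here as an example and not torch_musa's own code: it confines the caller-supplied path to a base directory, statically lists the globals a dump references with pickletools (a heuristic pre-check that doubles as a detection aid), and unpickles through a find_class allow-list so a __reduce__ payload cannot resolve a callable. SAFE_GLOBALS, safe_load_dump and the sample dump files are assumptions constructed for the demo.

```python
import io, pickle, pickletools, subprocess, tempfile
from pathlib import Path

SAFE_GLOBALS = {("builtins", n) for n in ("dict", "list", "set", "tuple", "frozenset")}  # hypothetical allow-list

def referenced_globals(data: bytes) -> list[str]:
    """List every module.name the pickle would import, by opcode scan, without running it."""
    refs, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":              # protocol <= 3 carries "module name" inline
            refs.append(".".join(arg.split()))
        elif op.name == "STACK_GLOBAL":      # protocol >= 4 pops the two most recent strings
            refs.append(".".join(strings[-2:]))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE"):
            strings.append(arg)
    return refs

class RestrictedUnpickler(pickle.Unpickler):
    """find_class is the hook a __reduce__ payload relies on; allow only SAFE_GLOBALS."""
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")

def safe_load_dump(user_path: str, base_dir: Path):
    """Hardened stand-in for pickle.load(open(user_path)): confine path, scan, then unpickle."""
    base = base_dir.resolve()
    path = (base / user_path).resolve()     # an absolute user_path replaces base, hence the check
    if base not in path.parents:
        raise PermissionError(f"path escapes {base}: {user_path}")
    data = path.read_bytes()
    bad = [r for r in referenced_globals(data) if tuple(r.split(".", 1)) not in SAFE_GLOBALS]
    if bad:
        raise pickle.UnpicklingError(f"{path.name} references {bad}")
    return RestrictedUnpickler(io.BytesIO(data)).load()

def demo() -> dict:
    # Exercise the loader on constructed dump files written to a scratch directory.
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "op_001.pkl").write_bytes(pickle.dumps({"op": "add", "max_abs_diff": 0.5}))
        (base / "evil.pkl").write_bytes(pickle.dumps(subprocess.check_output))  # constructed: disallowed ref
        out = {"good": safe_load_dump("op_001.pkl", base),
               "refs": referenced_globals((base / "evil.pkl").read_bytes())}
        for name in ("evil.pkl", "../outside.pkl"):   # both must be refused
            try:
                out[name] = safe_load_dump(name, base)
            except (pickle.UnpicklingError, PermissionError) as e:
                out[name] = type(e).__name__
    return out
```

The opcode scan is a heuristic (memo-reused strings can confuse it), so the RestrictedUnpickler allow-list is the enforcement point and the scan is the early warning.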
