CVE-2025-57622
Remote Code Execution via Deserialization in Step-Video-T2V APIs
Publication date: 2026-03-03
Last updated on: 2026-03-12
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| stepfun-ai | step-video-t2v | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2025-57622 is a critical Remote Code Execution (RCE) vulnerability in the Step-Video-T2V software. It arises from unsafe deserialization of untrusted data using Python's pickle module in the /vae-api and /caption-api endpoints. This flaw allows a remote attacker to send specially crafted data that, when deserialized by the server, can execute arbitrary system commands without authentication."}] [1]
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows unauthenticated remote attackers to execute arbitrary code on the server hosting Step-Video-T2V. This can lead to full system compromise, including unauthorized access, data theft, service disruption, or further attacks launched from the compromised system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring network traffic for requests to the `/vae-api` and `/caption-api` endpoints that contain suspicious or unexpected pickled data payloads, as these endpoints are vulnerable to unsafe deserialization.'}, {'type': 'paragraph', 'content': 'You can use network inspection tools like tcpdump or Wireshark to capture HTTP GET requests targeting these endpoints and analyze the payloads for unusual or malicious serialized data.'}, {'type': 'paragraph', 'content': 'Example commands to detect such activity include:'}, {'type': 'list_item', 'content': "Using tcpdump to capture HTTP GET requests to `/vae-api` or `/caption-api` endpoints on port 80 or 443: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -E 'GET /vae-api|GET /caption-api'"}, {'type': 'list_item', 'content': 'Using curl or similar tools to test the endpoints with crafted payloads to see if the server responds or crashes, indicating vulnerability.'}, {'type': 'paragraph', 'content': 'Additionally, reviewing server logs for unusual errors or crashes related to these endpoints can help detect exploitation attempts.'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include disabling or restricting access to the `/vae-api` and `/caption-api` endpoints to prevent unauthenticated remote access.'}, {'type': 'paragraph', 'content': "Avoid using Python's pickle module to deserialize untrusted input, as it allows arbitrary code execution."}, {'type': 'paragraph', 'content': 'If possible, apply patches or updates provided by the Step-Video-T2V project that fix the unsafe deserialization vulnerability.'}, {'type': 'paragraph', 'content': 'Implement network-level protections such as firewall rules or API gateway filters to block or authenticate requests to these endpoints.'}, {'type': 'paragraph', 'content': 'Monitor your systems for signs of compromise and consider isolating affected servers until the vulnerability is remediated.'}] [1, 2]