CVE-2025-65213

Published: Dec 15, 2025

Modified: Dec 15, 2025

PUBLISHED

Description

MooreThreads torch_musa through all versions contains an unsafe deserialization vulnerability in torch_musa.utils.compare_tool. The compare_for_single_op() and nan_inf_track_for_single_op() functions use pickle.load() on user-controlled file paths without validation, allowing arbitrary code execution. An attacker can craft a malicious pickle file that executes arbitrary Python code when loaded, enabling remote code execution with the privileges of the victim process.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/MooreThreads/torch_musa/issues/110#issuecomment-3475809588

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-65213

Description

Affected Products

References