CNNVD-202512-4071 Information

CNNVD ID

CNNVD-202512-4071

Related CVE

CVE-2025-13713

• CNNVD Published: 2025-12-23

Description (Chinese)

Tencent Hunyuan3D-1是中国腾讯（Tencent）公司的一个工业级3D生成大模型。 Tencent Hunyuan3D-1存在代码问题漏洞，该漏洞源于load_pretrained函数缺乏对用户提供数据的验证，可能导致反序列化不可信数据和远程代码执行。

Description (English)

Tencent Hunyuan3D-1 is an industrial 3D production model of Tencent. Tencent Hunyuan3D-1 has a code problem loophole, which stems from the lack of validation of data provided by users in the load pretrained function, which may lead to anti-serialization unreliable data and remote code execution.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

腾讯

Published

2025-12-23

Last Modified

2026-02-24

References

https://github.com/Tencent-Hunyuan/Hunyuan3D-1/commit/454284503670312d4e06f6251c9be2f9f6d0fae7 https://www.zerodayinitiative.com/advisories/ZDI-25-1027/

Patch

https://github.com/Tencent-Hunyuan/Hunyuan3D-1