CNNVD-202512-4072 Information

CNNVD ID

CNNVD-202512-4072

Related CVE

CVE-2025-13711

• CNNVD Published: 2025-12-23

Description (Chinese)

Tencent TFace是中国腾讯（Tencent）公司的一款专注于人脸识别的深度学习研究平台。 Tencent TFace存在代码问题漏洞，该漏洞源于eval端点缺乏对用户提供数据的验证，可能导致反序列化不可信数据和远程代码执行。

Description (English)

Tencent TFAE is an in-depth learning research platform focused on human face recognition in China. There is a code gap in Tencent TFAE, which stems from the lack of validation of data provided by users at the eval endpoint, which may lead to anti-serialization untrustworthy data and remote code execution.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

腾讯

Published

2025-12-23

Last Modified

2026-02-24

References

https://github.com/Tencent/TFace/commit/7b2eed297d43dcdd1e3d45bfdfc950478e3af5d9 https://www.zerodayinitiative.com/advisories/ZDI-25-1035/

Patch

https://github.com/Tencent/TFace