CNNVD-202512-4075 Information
CNNVD ID
CNNVD-202512-4075
Related CVE
- CNNVD Published: 2025-12-23
Description (Chinese)
Tencent MedicalNet是中国腾讯(Tencent)公司的一个专为 3D 医疗影像设计的深度学习预训练模型库。 Tencent MedicalNet存在代码问题漏洞,该漏洞源于generate_model函数缺乏对用户提供数据的验证,可能导致反序列化不可信数据和远程代码执行。
Description (English)
Tencent MedicalNet is an in-depth learning pre-training model for 3D medical images designed by Tencent China. There is a code gap in Tencent MedicalNet, which stems from the lack of validation of data provided by users in the General Model function, which may lead to anti-serialization untrustworthy data and remote code execution.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
腾讯
Published
2025-12-23
Last Modified
2026-02-24
References
https://github.com/Tencent/MedicalNet/commit/1679f7ced8fd3e9ce1acc3b86cd840b5abdaa836 https://www.zerodayinitiative.com/advisories/ZDI-25-1031/
Patch
https://github.com/Tencent/MedicalNet/commit/1679f7ced8fd3e9ce1acc3b86cd840b5abdaa836
Share on: