CNNVD-202512-4076 Information

CNNVD ID

CNNVD-202512-4076

Related CVE

CVE-2025-13709

• CNNVD Published: 2025-12-23

Description (Chinese)

Tencent TFace是中国腾讯（Tencent）公司的一款专注于人脸识别的深度学习研究平台。 Tencent TFace存在代码问题漏洞，该漏洞源于restore_checkpoint函数缺乏对用户提供数据的验证，可能导致反序列化不可信数据和远程代码执行。

Description (English)

Tencent TFAE is an in-depth learning research platform focused on human face recognition in China. There is a code gap in Tencent TFAE, which stems from the lack of validation of the data provided by the user in the Restore checkpoint function, which may lead to antisequencing untrustworthy data and remote code execution.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

腾讯

Published

2025-12-23

Last Modified

2026-02-24

References

https://github.com/Tencent/TFace/commit/7b2eed297d43dcdd1e3d45bfdfc950478e3af5d9 https://www.zerodayinitiative.com/advisories/ZDI-25-1036/

Patch

https://github.com/Tencent/TFace