CNNVD-202512-4081 Information

Dec 23, 2025 cve

CNNVD ID

CNNVD-202512-4081

CVE-2025-13708

CNNVD Published: 2025-12-23

Description (Chinese)

Tencent NeuralNLP-NeuralClassifier是中国腾讯（Tencent）公司的一个深度学习工具包。 Tencent NeuralNLP-NeuralClassifier存在代码问题漏洞，该漏洞源于_load_checkpoint函数缺乏对用户提供数据的验证，可能导致反序列化不可信数据和远程代码执行。

Description (English)

Tencent NeuralNLP-NeuralClassifier is an in-depth learning toolkit for Tencent. Tencent NeuralNLP-NeuralClassifier has a code problem loophole, which stems from the lack of validation of data provided by users in the load checkpoint function, which may lead to anti-serialization untrustworthy data and remote code execution.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

腾讯

Published

2025-12-23

Last Modified

2026-02-24

References

https://github.com/Tencent/NeuralNLP-NeuralClassifier/commit/8dea5ffdb45cf0a33b3d116de38507afaee87594 https://www.zerodayinitiative.com/advisories/ZDI-25-1033/

Patch

https://github.com/Tencent/NeuralNLP-NeuralClassifier/commit/8dea5ffdb45cf0a33b3d116de38507afaee87594

Share on: