CVE-2025-13715: CWE-502: Deserialization of Untrusted Data in Tencent FaceDetection-DSFD
CVE-2025-13715 is a high-severity remote code execution vulnerability in Tencent FaceDetection-DSFD's resnet endpoint caused by deserialization of untrusted data. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw allows attackers to execute arbitrary code with root privileges due to improper validation of user-supplied data. Although no known exploits are currently in the wild, the vulnerability poses significant risks to affected systems. The CVSS score of 7.8 reflects high impact on confidentiality, integrity, and availability, with low attack complexity but requiring user interaction. European organizations using Tencent FaceDetection-DSFD should prioritize patching and implement strict input validation and network segmentation to mitigate risks. Countries with significant technology sectors and Tencent product usage, such as Germany, France, and the UK, are likely to be most affected. Immediate attention is warranted to prevent potential exploitation in sensitive environments.
AI Analysis
Technical Summary
CVE-2025-13715 is a critical vulnerability classified under CWE-502 (Deserialization of Untrusted Data) affecting Tencent's FaceDetection-DSFD product, specifically the resnet endpoint. The vulnerability arises because the application fails to properly validate or sanitize user-supplied serialized data before deserializing it. This flaw enables remote attackers to craft malicious serialized objects that, when processed by the vulnerable endpoint, lead to arbitrary code execution with root privileges on the host system. Exploitation requires user interaction, such as the victim visiting a malicious webpage or opening a malicious file containing the exploit payload. The vulnerability has a CVSS 3.0 base score of 7.8, indicating high severity with significant impacts on confidentiality, integrity, and availability. The attack vector is local (AV:L) but requires low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R). Although no public exploits are known at this time, the potential for remote code execution at root level makes this a critical concern. The vulnerability was publicly disclosed on December 23, 2025, and assigned by ZDI (ZDI-CAN-27197). No patches have been linked yet, emphasizing the need for proactive mitigation.
Potential Impact
For European organizations, the impact of CVE-2025-13715 is substantial. Successful exploitation can lead to full system compromise with root privileges, allowing attackers to steal sensitive data, disrupt services, or move laterally within networks. Organizations relying on Tencent FaceDetection-DSFD for facial recognition or related AI services could face operational disruptions and data breaches. The requirement for user interaction slightly reduces the risk but does not eliminate it, especially in environments where users may be targeted via phishing or malicious content delivery. Confidentiality, integrity, and availability of critical systems are at high risk, potentially affecting sectors like finance, healthcare, and government that utilize facial recognition technologies. The lack of known exploits currently provides a window for mitigation, but the high severity score demands urgent attention.
Mitigation Recommendations
1. Immediately monitor for updates or patches from Tencent and apply them as soon as they become available.
2. Implement strict input validation and sanitization on all data received by the FaceDetection-DSFD resnet endpoint to prevent deserialization of malicious objects.
3. Employ network segmentation and least privilege principles to limit the exposure of vulnerable services and restrict root-level access.
4. Educate users on the risks of interacting with untrusted files or links to reduce the likelihood of user interaction-based exploitation.
5. Deploy endpoint detection and response (EDR) solutions to identify anomalous behaviors indicative of exploitation attempts.
6. Conduct regular security audits and penetration testing focused on deserialization vulnerabilities within AI/ML components.
7. Consider disabling or restricting the vulnerable resnet endpoint if it is not essential to operations until a patch is available.
8. Use application-layer firewalls or web application firewalls (WAFs) to detect and block suspicious serialized payloads targeting the vulnerable endpoint.
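An added illustration of recommendations 2 and 8, not code from Tencent or from this advisory: the page does not name the serialization format, so this sketch assumes Python pickle. `ALLOWED_GLOBALS`, `safe_loads`, `scan_globals` and both sample streams are hypothetical and constructed for the example.

```python
import collections
import io
import pickle
import pickletools

# Assumption: the only class a legitimate payload may reference.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

class AllowlistUnpickler(pickle.Unpickler):
    """Enforcement: refuse to resolve any global outside the allow-list."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)

def safe_loads(data: bytes):
    return AllowlistUnpickler(io.BytesIO(data)).load()

def scan_globals(data: bytes):
    """Detection: list the globals a stream names, without executing it.

    GLOBAL and INST carry "module name" inline. STACK_GLOBAL (protocol 4+)
    takes the two most recently pushed strings; operands fetched from the
    memo are not tracked and are reported as ("?", "?"), which a caller
    should treat as suspicious.
    """
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":
            found.append(tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?"))
            strings.clear()
        elif opcode.name in ("GET", "BINGET", "LONG_BINGET"):
            strings.clear()  # operand came from the memo: unresolved
        elif isinstance(arg, str):
            strings.append(arg)
    return found

def is_acceptable(data: bytes) -> bool:
    return all(g in ALLOWED_GLOBALS for g in scan_globals(data))

# Constructed samples: an allowed object, and a hand-written protocol 0
# stream that only names a class outside the allow-list.
BENIGN = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
OFF_LIST = b"ccollections\nCounter\n."
```

The scan suits logging or a pre-filter at a gateway; the unpickler subclass is the control that actually stops an off-list global from being resolved.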
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: zdi
- Date Reserved: 2025-11-25T21:53:11.926Z
- Cvss Version: 3.0
- State: PUBLISHED
Threat ID: 694b0d93d69af40f312d387e
Added to database: 12/23/2025, 9:45:55 PM
Last enriched: 12/31/2025, 12:22:28 AM
Last updated: 2/7/2026, 11:08:47 AM