CVE-2025-3165: Deserialization in thu-pacman chitu
A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. This affects the function torch.load of the file chitu/chitu/backend.py. The manipulation of the argument ckpt_path/quant_ckpt_dir leads to deserialization. An attack has to be approached locally.
AI Analysis
Technical Summary
CVE-2025-3165 is a deserialization vulnerability identified in version 0.1.0 of the thu-pacman chitu software, specifically within the torch.load function located in the chitu/chitu/backend.py file. The vulnerability arises from improper input validation of the arguments ckpt_path and quant_ckpt_dir, which are used as inputs to the deserialization process. Deserialization vulnerabilities occur when untrusted data is deserialized, potentially allowing an attacker to execute arbitrary code or manipulate program behavior. In this case, the vulnerability requires local access to the system to exploit, meaning an attacker must have the ability to execute code or interact with the system locally to manipulate the deserialization inputs. The vulnerability is classified as medium severity by the source, despite being described as critical in the initial description, likely reflecting the limited attack vector (local access required) and absence of known exploits in the wild. No patches or fixes have been published yet, and no known exploits have been reported. The vulnerability affects only version 0.1.0 of the chitu product, which is part of the thu-pacman project. Given that the vulnerability involves deserialization in a machine learning or AI-related backend (torch.load is PyTorch's function for loading saved model checkpoints, a pickle-based format), exploitation could lead to arbitrary code execution or compromise of the confidentiality and integrity of the system running the software, especially if the attacker can supply malicious checkpoint files or directories. However, the requirement for local access limits the attack surface primarily to insiders or attackers who have already gained some foothold on the system.
Potential Impact
For European organizations using thu-pacman chitu 0.1.0, the impact of this vulnerability could be significant in environments where local access is possible, such as multi-user systems, shared development environments, or compromised internal networks. Successful exploitation could lead to arbitrary code execution, potentially allowing attackers to escalate privileges, manipulate machine learning models, or disrupt AI workflows. This could compromise the confidentiality and integrity of sensitive data processed by the software, including intellectual property or personal data subject to GDPR. Availability impact is less likely unless the attacker deliberately disrupts services. Since the vulnerability requires local access, remote exploitation is not feasible without prior compromise, reducing the risk of widespread attacks. However, in sectors with high reliance on AI/ML workflows, such as finance, healthcare, automotive, and research institutions, this vulnerability could be leveraged as part of a multi-stage attack. The lack of known exploits and patches means organizations may be unaware of the risk, increasing the chance of unnoticed exploitation if local access controls are weak. Additionally, the vulnerability could be exploited by malicious insiders or through lateral movement after initial compromise.
Mitigation Recommendations
1. Restrict local access to systems running thu-pacman chitu 0.1.0 by enforcing strict user authentication and authorization policies.
2. Implement robust endpoint security controls to detect and prevent unauthorized local code execution or file manipulation.
3. Monitor and audit usage of the torch.load function and access to checkpoint files (ckpt_path and quant_ckpt_dir) to detect anomalous behavior or unauthorized file modifications.
4. Isolate environments running vulnerable versions in secure containers or virtual machines to limit the impact of potential exploitation.
5. Encourage developers and administrators to upgrade to newer versions of thu-pacman chitu once patches are released, or apply custom patches if available.
6. Employ application whitelisting and integrity verification for checkpoint files to prevent loading of malicious serialized data.
7. Educate users and administrators about the risks of deserialization vulnerabilities and the importance of controlling local access.
8. Use network segmentation to limit lateral movement opportunities for attackers who gain local access on one system.
9. Regularly review and harden system configurations and permissions to minimize the attack surface.
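The checkpoint-confinement and integrity-verification controls from items 3 and 6, as an added example that is not code from the original advisory or from the chitu project. It assumes a fixed checkpoint directory standing in for the caller-supplied ckpt_path/quant_ckpt_dir, a SHA-256 allowlist kept outside the application (the one here is constructed for the demo), and PyTorch's torch.load(..., weights_only=True) as the final loader; the `read` loader in demo() is a stand-in so the checks run without PyTorch.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Any, Callable, Dict

def sha256_file(path: Path) -> str:
    # Stream the file: model checkpoints are often larger than available RAM.
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_checkpoint(base_dir: Path, user_path: str, approved: Dict[str, str]) -> Path:
    """Accept a checkpoint only if it stays inside base_dir and its SHA-256 is allowlisted."""
    base = base_dir.resolve()
    path = (base / user_path).resolve()  # an absolute user_path replaces base, so check containment
    if path != base and base not in path.parents:
        raise ValueError(f"path escapes the checkpoint directory: {user_path}")
    key = path.relative_to(base).as_posix()
    if approved.get(key) != sha256_file(path):
        raise ValueError(f"checkpoint is not on the approved list or was modified: {key}")
    return path

def load_checkpoint(base_dir: Path, user_path: str, approved: Dict[str, str],
                    loader: Callable[[Path], Any] = None) -> Any:
    # Verify first, then deserialize. weights_only=True restricts unpickling to tensors and primitives.
    path = verify_checkpoint(base_dir, user_path, approved)
    if loader is None:
        import torch  # imported lazily so the verification logic runs without PyTorch installed
        loader = lambda p: torch.load(p, map_location="cpu", weights_only=True)
    return loader(path)

def rejected(fn: Callable[[], Any]) -> bool:
    try:
        fn()
        return False
    except (ValueError, FileNotFoundError):
        return True

def demo() -> Dict[str, bool]:
    # Constructed fixture: an approved file, a traversal attempt, and the same file after tampering.
    with tempfile.TemporaryDirectory() as tmp:
        base, good = Path(tmp), b"constructed checkpoint bytes"
        (base / "model.pt").write_bytes(good)
        approved = {"model.pt": sha256_file(base / "model.pt")}  # constructed allowlist
        read = lambda p: p.read_bytes()  # stand-in loader; production code would leave loader=None
        loaded = load_checkpoint(base, "model.pt", approved, read) == good
        traversal = rejected(lambda: load_checkpoint(base, "../model.pt", approved, read))
        (base / "model.pt").write_bytes(good + b" tampered")  # modified after approval
        tampered = rejected(lambda: load_checkpoint(base, "model.pt", approved, read))
    return {"approved_loaded": loaded, "traversal_rejected": traversal, "tampered_rejected": tampered}
```

The hash check runs on every load, so a checkpoint swapped after approval is refused even though its path is unchanged; pairing it with an audit log of each verification failure covers the monitoring in item 3.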
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-04-03T07:17:43.841Z
- CISA Enriched: true
Threat ID: 682d984bc4522896dcbf84cc
Added to database: 5/21/2025, 9:09:31 AM
Last enriched: 6/20/2025, 9:34:59 AM
Last updated: 8/12/2025, 12:42:02 AM