CVE-2025-3622 is a deserialization vulnerability identified in Xorbits Inference versions 1.4.0 and 1.4.1, specifically within the load function of the file xinference/thirdparty/cosyvoice/cli/model.py. Deserialization vulnerabilities occur when untrusted input is deserialized without proper validation or sanitization, potentially allowing an attacker to execute arbitrary code, manipulate application logic, or cause denial of service. In this case, the vulnerability arises from improper input validation during the deserialization process, which can be exploited by crafting malicious serialized data that, when loaded by the vulnerable function, leads to unintended code execution or system compromise. Although the vulnerability is classified as medium severity by the source, the underlying risk of deserialization flaws is typically high due to their potential to allow remote code execution or privilege escalation. The vulnerability affects a specific component of the Xorbits Inference product, which is likely used in machine learning inference workflows. No known exploits are currently reported in the wild, and no patches or mitigations have been officially published at the time of this report. The vulnerability was reserved and published in April 2025, indicating recent discovery. The lack of a CVSS score requires an independent severity assessment based on the technical details and potential impact.

For European organizations utilizing Xorbits Inference versions 1.4.0 or 1.4.1, this vulnerability poses a significant risk to the confidentiality, integrity, and availability of their machine learning inference systems. Successful exploitation could allow attackers to execute arbitrary code within the context of the vulnerable application, potentially leading to data breaches, manipulation of inference results, or disruption of critical AI-driven services. Given the increasing reliance on AI and machine learning in sectors such as finance, healthcare, manufacturing, and critical infrastructure across Europe, exploitation could have cascading effects including financial loss, reputational damage, and operational downtime. Furthermore, compromised inference systems could be leveraged as pivot points for lateral movement within enterprise networks. The absence of known exploits suggests a window of opportunity for proactive defense, but also underscores the need for vigilance as threat actors may develop exploits rapidly. The medium severity rating from the source may underestimate the potential impact if remote code execution is achievable without authentication or user interaction.

1. Immediate mitigation should include auditing all deployments of Xorbits Inference to identify instances running affected versions 1.4.0 and 1.4.1. 2. Until an official patch is released, organizations should implement strict input validation and sanitization controls around any data fed into the load function or related deserialization processes, potentially by sandboxing or isolating the inference environment. 3. Employ network segmentation and strict access controls to limit exposure of vulnerable inference systems to untrusted networks or users. 4. Monitor logs and system behavior for anomalies indicative of deserialization attacks, such as unexpected process executions or malformed input patterns. 5. Engage with Xorbits for timely updates and patches, and apply them promptly once available. 6. Consider deploying runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions capable of detecting and blocking deserialization exploit attempts. 7. Review and update incident response plans to include scenarios involving AI/ML system compromise. These steps go beyond generic advice by focusing on the specific deserialization context and the operational environment of AI inference systems.