CVE-2025-65213: n/a
MooreThreads torch_musa through all versions contains an unsafe deserialization vulnerability in torch_musa.utils.compare_tool. The compare_for_single_op() and nan_inf_track_for_single_op() functions use pickle.load() on user-controlled file paths without validation, allowing arbitrary code execution. An attacker can craft a malicious pickle file that executes arbitrary Python code when loaded, enabling remote code execution with the privileges of the victim process.
AI Analysis
Technical Summary
CVE-2025-65213 identifies a critical unsafe deserialization vulnerability in the MooreThreads torch_musa library, affecting all versions. The vulnerability resides in the torch_musa.utils.compare_tool module, where the functions compare_for_single_op() and nan_inf_track_for_single_op() use Python's pickle.load() function on file paths controlled by the user without any validation or sanitization. Since pickle.load() can deserialize arbitrary Python objects, an attacker can craft a malicious pickle file that executes arbitrary code upon loading. This leads to remote code execution (RCE) with the same privileges as the victim process, which could be a user or system-level account depending on deployment. The vulnerability is particularly dangerous because deserialization attacks bypass many traditional security controls and can lead to full system compromise. No CVSS score has been assigned yet, and no patches or known exploits are currently reported. However, the vulnerability is publicly disclosed and should be considered critical due to the nature of arbitrary code execution and the widespread use of torch_musa in AI and data processing contexts. The lack of input validation on user-controlled file paths is a fundamental security flaw that requires immediate attention. Organizations using torch_musa should audit their use of these functions and avoid loading pickle files from untrusted sources until a patch is available.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially for those leveraging MooreThreads torch_musa in AI, machine learning, or data analytics workflows. Successful exploitation could lead to full system compromise, data theft, or disruption of critical AI services. Confidentiality is at risk as attackers can execute arbitrary code and potentially access sensitive data processed by the affected systems. Integrity and availability are also threatened since attackers could modify or delete data, inject malicious code, or disrupt operations. Given the increasing reliance on AI technologies in sectors such as finance, healthcare, manufacturing, and research across Europe, this vulnerability could have cascading effects on business continuity and regulatory compliance, including GDPR. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, as attackers may develop exploits rapidly once the vulnerability is public. Organizations that integrate torch_musa into cloud or on-premises environments must consider the risk of lateral movement and privilege escalation within their networks.
Mitigation Recommendations
1. Immediately audit all uses of torch_musa.utils.compare_tool functions in your environment to identify any instances where pickle.load() is called on user-supplied file paths.
2. Avoid loading pickle files from untrusted or unauthenticated sources.
3. Implement strict input validation and sanitization on any file paths or data inputs used with these functions.
4. Where possible, replace pickle-based deserialization with safer serialization formats such as JSON or protobuf that do not allow code execution.
5. Monitor for unusual process behavior or unexpected network activity that could indicate exploitation attempts.
6. Apply the principle of least privilege to processes running torch_musa to limit the impact of potential code execution.
7. Stay alert for official patches or updates from MooreThreads and apply them promptly once released.
8. Consider isolating AI workloads using containerization or sandboxing to reduce the blast radius of a compromise.
9. Educate developers and data scientists about the risks of unsafe deserialization and secure coding practices.
10. Incorporate this vulnerability into threat modeling and incident response plans to prepare for potential exploitation scenarios.
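The following is an added example, not torch_musa code, that puts recommendations 1 to 4 into practice for any caller that must still read pickle files: a pre-load scan with the standard library's pickletools rejects any stream containing opcodes that can import or call code, and a restricted Unpickler refuses every global as defense in depth. The function names, the opcode list and the two sample pickles are constructed for this illustration.

```python
import io
import pickle
import pickletools

# Pickle opcodes that can import a module attribute or invoke a callable.
# A stream that carries only plain data (dicts, lists, tuples, numbers,
# strings, bytes) never needs any of them.
CODE_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ",
    "NEWOBJ_EX", "BUILD", "EXT1", "EXT2", "EXT4",
}


def find_code_opcodes(data: bytes) -> list:
    """Return the code-capable opcodes present in a pickle stream.

    pickletools.genops only disassembles; nothing is imported or called.
    A truncated or malformed stream raises here, before any load.
    """
    return [op.name for op, _arg, _pos in pickletools.genops(io.BytesIO(data))
            if op.name in CODE_OPCODES]


class DataOnlyUnpickler(pickle.Unpickler):
    """Defense in depth: refuse to resolve any global, whatever the scan said."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_load(data: bytes):
    """Load a pickle only if it is provably data-only."""
    found = find_code_opcodes(data)
    if found:
        raise pickle.UnpicklingError(
            f"pickle contains code-capable opcodes: {sorted(set(found))}")
    return DataOnlyUnpickler(io.BytesIO(data)).load()


# Constructed samples (protocol pinned so the opcodes are predictable).
# A data-only record of the kind an op comparison tool might write:
BENIGN = pickle.dumps({"op": "add", "max_abs_err": 0.0}, protocol=4)
# A harmless class reference: it still needs STACK_GLOBAL, the same
# opcode any payload needs to reach an importable callable.
CLASS_REF = pickle.dumps(dict, protocol=4)

if __name__ == "__main__":
    print(safe_load(BENIGN))
    try:
        safe_load(CLASS_REF)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

Files that legitimately carry framework objects such as tensors will also be rejected by this loader, which is the point: those records should be migrated to a data-only format such as JSON or protobuf, as recommendation 4 says.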
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Belgium, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69405ac4d9bcdf3f3dfb23d5
Added to database: 12/15/2025, 7:00:20 PM
Last enriched: 12/15/2025, 7:15:20 PM
Last updated: 12/16/2025, 4:11:11 AM