CVE-2025-65213: n/a
CVE-2025-65213 is a critical unsafe deserialization vulnerability in MooreThreads torch_musa library affecting all versions. The vulnerability arises from the use of Python's pickle.load() on user-controlled file paths in the compare_for_single_op() and nan_inf_track_for_single_op() functions without proper validation. This allows attackers to craft malicious pickle files that execute arbitrary Python code upon deserialization, leading to remote code execution with the privileges of the victim process. The vulnerability has a CVSS score of 9.8, indicating a critical severity with network attack vector, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild. European organizations using torch_musa in AI or data processing workflows are at significant risk, especially those in countries with strong AI development sectors. Immediate mitigation involves restricting or validating input sources for pickle files, employing safer serialization methods, and isolating processes handling untrusted data. Given the critical nature and ease of exploitation, this vulnerability demands urgent attention to prevent potential widespread compromise.
AI Analysis
Technical Summary
CVE-2025-65213 is a critical security vulnerability identified in the MooreThreads torch_musa library, specifically within the torch_musa.utils.compare_tool module. The vulnerability stems from unsafe deserialization practices in the compare_for_single_op() and nan_inf_track_for_single_op() functions, which use Python's pickle.load() function on file paths that can be controlled by an attacker. Since pickle.load() can execute arbitrary code embedded within a serialized object, an attacker who can supply a malicious pickle file can trigger arbitrary code execution within the context of the victim process. This vulnerability does not require any privileges or user interaction and can be exploited remotely if an attacker can influence the file path input. The vulnerability affects all versions of torch_musa as no specific version restrictions are noted. The CVSS v3.1 score of 9.8 reflects its critical severity, with a network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact includes full compromise of confidentiality, integrity, and availability of the affected system. No patches or fixes are currently published, and no exploits have been reported in the wild yet. The underlying weakness corresponds to CWE-502 (Deserialization of Untrusted Data), a well-known and dangerous class of vulnerabilities. This issue is particularly concerning for environments where torch_musa is used to process untrusted or external data, such as AI model training or inference pipelines, where malicious actors could leverage this flaw to execute arbitrary commands, install malware, or pivot within networks.
Potential Impact
For European organizations, the impact of CVE-2025-65213 is substantial, particularly for those involved in AI research, machine learning, and data analytics where torch_musa may be integrated. Successful exploitation allows attackers to execute arbitrary code remotely with the same privileges as the application, potentially leading to full system compromise, data theft, disruption of services, or lateral movement within corporate networks. Confidentiality breaches could expose sensitive intellectual property or personal data protected under GDPR, leading to regulatory penalties and reputational damage. Integrity and availability impacts could disrupt critical AI workflows or data processing pipelines, causing operational downtime and financial losses. Given the critical CVSS score and the lack of required authentication or user interaction, the threat surface is broad, increasing the likelihood of exploitation if mitigations are not applied promptly. The absence of known exploits in the wild currently provides a window for proactive defense, but the vulnerability’s nature makes it a prime target for attackers once exploit code becomes available.
Mitigation Recommendations
1. Immediately audit all uses of torch_musa in your environment to identify any instances where pickle.load() is called on user-controllable inputs, especially within the compare_for_single_op() and nan_inf_track_for_single_op() functions.
2. Implement strict input validation and sanitization to ensure that only trusted and verified pickle files are processed.
3. Where possible, replace pickle-based deserialization with safer alternatives such as JSON or other secure serialization formats that do not allow code execution.
4. Employ sandboxing or containerization techniques to isolate processes that handle deserialization of external data, limiting the impact of potential exploitation.
5. Monitor network and application logs for unusual file access patterns or execution behaviors that could indicate exploitation attempts.
6. Establish strict access controls and least privilege principles for services running torch_musa to minimize the privileges available to an attacker.
7. Stay alert for official patches or updates from MooreThreads and apply them immediately upon release.
8. Consider deploying runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions capable of detecting anomalous code execution related to deserialization attacks.
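As an added illustration (not torch_musa's code and not part of this advisory), the Python below places the pattern the advisory describes, a bare pickle.load() on a caller-supplied path, beside a loader that applies recommendations 1 through 3: it confines the path to a trusted directory and swaps pickle.load() for an Unpickler whose find_class resolves only an allowlisted set of builtin types, which removes pickle's ability to reference arbitrary importable callables. The function names, the allowlist, and the sample files are assumptions constructed for this example; the real format written by the compare tool is not described here, so the allowlist is illustrative. The "bad" sample file references os.getcwd, a harmless function, purely to show that any non-allowlisted global is refused.

```python
import builtins
import os
import pickle
import tempfile


# Hypothetical sketch of the weakness described in the advisory (CWE-502):
# pickle.load() on a caller-supplied path with no check on where the path
# points or what the file may reference. This is NOT torch_musa's code.
def unsafe_load(path):
    with open(path, "rb") as f:
        return pickle.load(f)


# Assumed allowlist of builtin types a result file may contain. A real
# deployment would derive this from the format the tool actually writes.
SAFE_BUILTINS = {"dict", "list", "tuple", "set", "frozenset", "str", "bytes",
                 "int", "float", "bool", "complex"}


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allowlisted builtins; refuse every other global.

    pickle's code-execution primitive is the ability to name any importable
    callable; denying find_class for everything else removes it.
    """

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"refusing to load global {module}.{name}")


def confine_path(path, allowed_dir):
    """Return the resolved path if it lies inside allowed_dir, else raise.

    realpath() collapses '..' segments and symlinks before the check, so a
    path that textually starts with allowed_dir but escapes it is rejected.
    """
    base = os.path.realpath(allowed_dir)
    real = os.path.realpath(path)
    if os.path.commonpath([base, real]) != base:
        raise ValueError(f"path {path!r} escapes {allowed_dir!r}")
    return real


def safe_load(path, allowed_dir):
    """Hardened counterpart of unsafe_load(): confined path, restricted unpickler."""
    real = confine_path(path, allowed_dir)
    with open(real, "rb") as f:
        return RestrictedUnpickler(f).load()


def demo():
    """Exercise both loaders on constructed files; return the outcomes as a dict."""
    results = {}
    with tempfile.TemporaryDirectory() as trusted, tempfile.TemporaryDirectory() as other:
        # Constructed benign result file containing plain builtins only.
        good = os.path.join(trusted, "result.pkl")
        with open(good, "wb") as f:
            pickle.dump({"op": "add", "max_abs_diff": 0.0, "nan": False}, f)

        # Constructed file that references a global outside the allowlist.
        # os.getcwd is harmless; it stands in for any callable a file could name.
        bad = os.path.join(trusted, "global.pkl")
        with open(bad, "wb") as f:
            pickle.dump(os.getcwd, f)

        # Constructed file that is well-formed but lives outside the trusted dir.
        outside = os.path.join(other, "result.pkl")
        with open(outside, "wb") as f:
            pickle.dump({"op": "add"}, f)

        results["good"] = safe_load(good, trusted)
        # The unsafe loader happily resolves the global reference.
        results["unsafe_resolves_global"] = unsafe_load(bad) is os.getcwd
        try:
            safe_load(bad, trusted)
            results["global_rejected"] = False
        except pickle.UnpicklingError:
            results["global_rejected"] = True
        try:
            safe_load(outside, trusted)
            results["outside_rejected"] = False
        except ValueError:
            results["outside_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

A restricted unpickler only narrows the attack surface; it is still a pickle parser handling untrusted bytes. Where the stored data is plain numbers, strings and nested containers, the stronger fix from recommendation 3 is to write and read JSON instead, which has no global-resolution step at all.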
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Belgium, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69405ac4d9bcdf3f3dfb23d5
Added to database: 12/15/2025, 7:00:20 PM
Last enriched: 12/22/2025, 7:29:17 PM
Last updated: 2/7/2026, 7:51:58 PM