CVE-2025-23045
Published: 28 January 2025
Summary
CVE-2025-23045 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Cvat Computer Vision Annotation Tool. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 24.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely remediation of the deserialization flaw by upgrading to CVAT 2.26.0 or later to prevent arbitrary code execution.
Mandates restricting or prohibiting vulnerable serverless tracker functions like TransT and SiamMask to eliminate the attack surface as an interim mitigation.
Requires validation of serialized state inputs prior to deserialization to mitigate exploitation of unsafe libraries like pickle or jsonpickle.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Deserialization flaw in CVAT web app enables authenticated remote code execution in Nuclio container, directly mapping to exploitation of public-facing application (T1190) and Python command/script execution (T1059.006).
NVD Description
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container.…
more
This vulnerability affects CVAT deployments that run any of the serverless functions of type tracker from the CVAT Git repository, namely TransT and SiamMask. Deployments with custom functions of type tracker may also be affected, depending on how they handle state serialization. If a function uses an unsafe serialization library such as pickle or jsonpickle, it's likely to be vulnerable. Upgrade to CVAT 2.26.0 or later. If you are unable to upgrade, shut down any instances of the TransT or SiamMask functions you're running.
Deeper analysisAI
CVE-2025-23045 is a deserialization vulnerability (CWE-502) in the Computer Vision Annotation Tool (CVAT), an interactive video and image annotation tool for computer vision tasks. It affects CVAT deployments that run serverless functions of type "tracker" from the CVAT Git repository, specifically TransT and SiamMask. Custom tracker functions may also be vulnerable if they use unsafe serialization libraries such as pickle or jsonpickle. The flaw enables an attacker with an account on an affected CVAT instance to execute arbitrary code within the context of the Nuclio function container. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-28.
An authenticated attacker with a standard account on the CVAT instance can exploit this vulnerability remotely over the network with low complexity. By targeting the affected tracker functions, they can achieve remote code execution in the Nuclio container, potentially leading to high confidentiality, integrity, and availability impacts, such as data exfiltration, modification of annotation data, or container compromise.
Mitigation requires upgrading to CVAT version 2.26.0 or later, as detailed in the GitHub security advisory (GHSA-wq36-mxf8-hv62) and the fixing commit (563e1dfde64b15fa042b23f9d09cd854b35f0366). If upgrading is not feasible, administrators should immediately shut down any running instances of the TransT or SiamMask functions.
Details
- CWE(s)