CVE-2025-57622
Published: 03 March 2026
Summary
CVE-2025-57622 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 38.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-57622 is a critical vulnerability (CVSS score 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting Step-Video-T2V, an open-source project from stepfun-ai. The flaw is unsafe deserialization of untrusted data: the /vae-api and /caption-api endpoints pass the raw request body to pickle via feature = pickle.loads(request.get_data()), which maps to CWE-502 (Deserialization of Untrusted Data). Published on 2026-03-03, it enables remote arbitrary code execution on affected instances running this software.
Any unauthenticated remote attacker with network access can exploit this vulnerability with low complexity and no user interaction required. Exploitation involves sending crafted requests to the vulnerable endpoints, triggering the deserialization of malicious pickle data and resulting in arbitrary code execution on the server. This yields high-impact consequences across confidentiality, integrity, and availability.
The vulnerability is detailed in the Step-Video-T2V GitHub repository, including the source code at https://github.com/stepfun-ai/Step-Video-T2V/blob/main/api/call_remote_server.py and issue tracker at https://github.com/stepfun-ai/Step-Video-T2V/issues/65. No specific patches, vendor advisories, or mitigation guidance are outlined in these references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208231
Vulnerability details
An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api, /caption-api, feature = pickle.loads(request.get_data()) component.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows unauthenticated remote attackers to exploit a public-facing web API endpoint (/vae-api and /caption-api) via unsafe deserialization, enabling arbitrary code execution, which directly maps to T1190: Exploit Public-Facing Application.
Mitigating Controls (NIST 800-53 r5)
Requires validation and sanitization of all inputs, directly preventing malicious pickle deserialization payloads from being processed in the /vae-api and /caption-api endpoints.
Mandates timely identification, reporting, and correction of flaws like unsafe pickle.loads on untrusted data, addressing the root cause of this RCE vulnerability.
Enforces boundary protection mechanisms such as web application firewalls to inspect and block crafted requests targeting the vulnerable deserialization endpoints.
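One way to apply the input-validation control to the pickle.loads(request.get_data()) call is to stop accepting pickle at all and decode a data-only format under a strict schema. The sketch below is an added example, not code from the Step-Video-T2V project; the JSON wire format, the size limits, and the names decode_feature and RejectedInput are assumptions, since the page does not describe what the feature payload contains.

```python
import json
import math

MAX_BODY = 1 << 20      # assumed request-size cap (1 MiB)
MAX_ELEMENTS = 65536    # assumed cap on tensor elements
MAX_DIMS = 4            # assumed cap on tensor rank

class RejectedInput(ValueError):
    """The body failed validation; no object graph was ever reconstructed."""

def decode_feature(body: bytes) -> dict:
    """Decode {"shape": [...], "data": [...]} from an untrusted request body."""
    if len(body) > MAX_BODY:
        raise RejectedInput("body too large")
    # Pickle protocol 2+ streams begin with the PROTO opcode 0x80. They would
    # fail UTF-8 decoding below anyway; this check only gives a clearer log line.
    if body[:1] == b"\x80":
        raise RejectedInput("pickle stream refused")
    try:
        doc = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError) as exc:
        raise RejectedInput("not valid JSON") from exc
    if not isinstance(doc, dict) or set(doc) != {"shape", "data"}:
        raise RejectedInput("unexpected top-level structure")
    shape, data = doc["shape"], doc["data"]
    if (not isinstance(shape, list) or not 1 <= len(shape) <= MAX_DIMS
            or not all(type(d) is int and 0 < d <= MAX_ELEMENTS for d in shape)):
        raise RejectedInput("bad shape")
    count = math.prod(shape)
    if count > MAX_ELEMENTS or not isinstance(data, list) or len(data) != count:
        raise RejectedInput("data length does not match shape")
    try:
        # bool is excluded on purpose: type(True) is bool, not int.
        values = [float(x) for x in data if type(x) in (int, float)]
    except OverflowError as exc:
        raise RejectedInput("element out of range") from exc
    if len(values) != count or not all(map(math.isfinite, values)):
        raise RejectedInput("non-numeric or non-finite element")
    return {"shape": shape, "data": values}
```

A handler would call decode_feature(request.get_data()) and return HTTP 400 on RejectedInput; clients must send the same JSON layout instead of a pickle stream.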