CVE-2025-13706

Name of the Vulnerable Software and Affected Versions Tencent PatrickStar (affected versions not specified)

Description A flaw exists in Tencent PatrickStar that allows remote attackers to execute arbitrary code. User interaction is required, specifically the target must visit a malicious page or open a malicious file. The issue is due to insufficient validation of user-supplied data, leading to deserialization of untrusted data within the merge checkpoint API endpoint. Successful exploitation allows an attacker to execute code in the context of root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.