CVE-2025-65213

Name of the Vulnerable Software and Affected Versions MooreThreads torch musa (affected versions not specified)

Description MooreThreads torch musa contains an unsafe deserialization issue within the torch musa.utils.compare tool module. The compare for single op() and nan inf track for single op() functions utilize pickle.load() on file paths controlled by the user without proper validation. This allows for arbitrary code execution by loading a malicious pickle file, potentially granting an attacker remote code execution with the privileges of the affected process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.