PT-2026-22736 · Unknown · Step-Video-T2V

Published: 2026-03-03 · Updated: 2026-03-12 · CVE-2025-57622

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Step-Video-T2V (affected versions not specified)

Description
An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code. The issue is in the /vae-api and /caption-api endpoints, specifically the pickle.loads(request.get_data()) call. request.get_data() returns the raw data sent by the client, and pickle.loads() deserializes it. Deserializing untrusted data with pickle.loads() can lead to arbitrary code execution if the pickled data is maliciously crafted.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
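
Since no fixed release is listed, one interim hardening for the pickle.loads(request.get_data()) call is an unpickler that refuses every global lookup. This is an added example, not code from Step-Video-T2V or from this advisory; safe_loads, handle_body, the 1 MiB cap and the "payload is a dict of built-in values" schema are assumptions.

```python
import collections
import io
import pickle

MAX_BODY_BYTES = 1 << 20  # assumed cap; size it to the endpoint's real payloads


class NoGlobalsUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so a pickle can only yield built-in
    data (dict, list, tuple, set, str, bytes, int, float, bool, None)."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_loads(body: bytes):
    """Hypothetical stand-in for pickle.loads(request.get_data())."""
    if len(body) > MAX_BODY_BYTES:
        raise ValueError("request body too large")
    return NoGlobalsUnpickler(io.BytesIO(body)).load()


def handle_body(body: bytes):
    """Return (status, payload) the way an HTTP handler would."""
    try:
        obj = safe_loads(body)
    except Exception as exc:  # unpickling bad input raises many error types
        return 400, f"rejected: {exc}"
    if not isinstance(obj, dict):  # assumed schema: a dict of parameters
        return 400, "rejected: expected a dict"
    return 200, obj


# Constructed sample bodies (benign; none carries a payload).
SAMPLES = {
    "plain dict": pickle.dumps({"prompt": "a cat", "steps": 30}),
    "references a global": pickle.dumps(collections.OrderedDict(a=1)),
    "not a pickle": b"\x00not-a-pickle",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, "->", handle_body(body))
```

Blocking globals stops object construction through the pickle stream but does not bound the memory or CPU a crafted body can consume, so moving these endpoints to a data-only format such as JSON is the more complete change.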

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers: CVE-2025-57622

Affected Products: Step-Video-T2V