CVE-2025-13713 | Tencent Hunyuan3D-1 load_pretrained deserialization (ZDI-25-1027)

Inserito da Angelo Barbosa | Dic 2, 2025 | CVE

A vulnerability, which was classified as critical, has been found in Tencent Hunyuan3D-1. Affected by this issue is the function load_pretrained. This manipulation causes deserialization.

This vulnerability is tracked as CVE-2025-13713. The attack is possible to be carried out remotely. No exploit exists.

To fix this issue, it is recommended to deploy a patch.

CVE-2025-13713 | Tencent Hunyuan3D-1 load_pretrained deserialization (ZDI-25-1027)

Post correlati

CVE-2024-41170 | Siemens Tecnomatix Plant Simulation prior 2302.0015/2404.0004 SPP File stack-based overflow (ssa-427715)

CVE-2023-49798 | OpenZeppelin openzeppelin-contracts 4.9.4 Subcall control flow (GHSA-699g-q6qh-q4v8)

CVE-2024-7155 | TOTOLINK A3300R 17.0.0cu.557_B20221024 /etc/shadow.sample hard-coded password

CVE-2024-4254 | Gradio improper authorization