Tencent NeuralNLP-NeuralClassifier loadcheckpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent NeuralNLP-NeuralClassifier. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the loadcheckpoint function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27184.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/13xxx/CVE-2025-13708.json",
"cna_assigner": "zdi",
"cwe_ids": [
"CWE-502"
],
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "Current"
},
{
"last_affected": "Current"
}
],
"source": "AFFECTED_FIELD"
}
]
}