6 matches found
CVE-2025-57622
An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loadsrequest.getdata component...
CVE-2025-57622
An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loadsrequest.getdata component...
CVE-2025-57622
An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loadsrequest.getdata component...
CVE-2025-57622
CVE-2025-57622 concerns Step-Video-T2V. Public descriptions identify a remote code execution vulnerability exploitable via the /vae-api and /caption-api endpoints, where untrusted request data is deserialized with pickle.loads(), enabling arbitrary code execution. The issue is described across mu...
Step-Video-T2V 安全漏洞
Step-Video-T2V is an image-to-video model open-sourced by stepfun-ai. There is a security vulnerability in Step-Video-T2V. This vulnerability stems from the use of pickle.loads to process request data in the /vae-api and /caption-api components. It may allow a remote attacker to execute arbitrary...
EUVD-2025-208231
An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loadsrequest.getdata component...