Home

Description

An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loads(request.get_data()) component

PUBLISHED Reserved 2025-08-17 | Published 2026-03-03 | Updated 2026-03-03 | Assigner mitre

References

github.com/...-Video-T2V/blob/main/api/call_remote_server.py

github.com/stepfun-ai/Step-Video-T2V/issues/65

cve.org (CVE-2025-57622)

nvd.nist.gov (CVE-2025-57622)

Download JSON