A critical vulnerability has been identified in multiple MooreThreads products, designated as CVE-2025-65213. This flaw stems from unsafe deserialization, allowing an attacker to execute arbitrary code by tricking the application into loading a malicious file. Successful exploitation could lead to a complete compromise of the affected system, enabling data theft, service disruption, and further network intrusion.

The vulnerability exists within the torch_musa.utils.compare_tool library used by MooreThreads products. Specifically, the compare_for_single_op() and nan_inf_track_for_single_op() functions use the Python pickle.load() method to deserialize data from files. These functions do not properly validate the source or content of the file being loaded, allowing an attacker to supply a specially crafted malicious pickle file. When the application attempts to deserialize this file, it can execute arbitrary code embedded within it, leading to remote code execution (RCE) with the permissions of the application process.

This vulnerability is rated as critical with a CVSS score of 9.8, reflecting the high potential for severe damage. A successful exploit could result in a complete system takeover, granting an attacker the ability to install malware, exfiltrate sensitive data, disrupt critical operations, and pivot to other systems within the network. The direct business risks include reputational damage, financial loss from operational downtime, data breach cleanup costs, and potential regulatory fines. Given that MooreThreads products are used in AI and high-performance computing, the compromise of these systems could lead to the theft of valuable intellectual property or the manipulation of critical data models.

Immediate Action: Organizations must immediately apply the security updates provided by the vendor. The primary remediation is to update all instances of affected MooreThreads products to the latest patched version. After patching, it is crucial to review system and application logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Implement enhanced monitoring on systems running the affected software. Security teams should look for suspicious process execution originating from the MooreThreads application, unexpected file creation or modification in directories accessible by the application, and unusual outbound network connections from affected servers. Monitor for any logs indicating errors or unexpected behavior related to file loading or the torch_musa library.

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce risk:

• Restrict file system permissions for the service account running the MooreThreads application to prevent it from reading files from untrusted locations.
• Use application control or whitelisting solutions to prevent the vulnerable process from spawning unexpected child processes (e.g., shells, scripting engines).
• Run the application in a sandboxed or containerized environment to limit the impact of a potential compromise on the underlying host system.

Public Exploit Available: false

Given the critical CVSS score of 9.8, this vulnerability poses a severe and immediate risk to the organization. We strongly recommend that all affected MooreThreads products be patched on an emergency basis. All systems running this software should be considered high-priority targets for remediation. Although there is no current evidence of active exploitation, the potential for a full system compromise necessitates immediate and decisive action to prevent future attacks.