CVE-2025-57622 PUBLISHED

Assigner: mitre
Reserved: 17.08.2025 Published: 03.03.2026 Updated: 03.03.2026

An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loads(request.get_data()) component

Product Status

Vendor	n/a
Product	n/a
Versions	Version n/a is affected

References

https://github.com/stepfun-ai/Step-Video-T2V/blob/main/api/call_remote_server.py
https://github.com/stepfun-ai/Step-Video-T2V/issues/65

Problem Types

n/a text