CVE-2025-57622

NONE EPSS 0.46%

Mar 03, 2026

Updated Mar 03, 2026

Parameter	Value
Vendor	An
Public PoC	No

An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loads(request.get_data()) component

References 2

https://github.com/stepfun-ai/Step-Video-T2V/blob/main/api/call_remote_server.py

cve@mitre.org

https://github.com/stepfun-ai/Step-Video-T2V/issues/65

cve@mitre.org

Share Post Share Share Share

CVE Details

CVE ID

CVE-2025-57622

Published Date

Mar 03, 2026

Vendor

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.46%

Likelihood of exploitation in next 30 days

Percentile: 64.4th percentile (higher than 64.4% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

View Advisory

Menu

CVE-2025-57622

References 2

CVE Details

Editor's Choice

Menu

CVE-2025-57622

References 2

CVE Details

Editor's Choice

Stay informed on cybersecurity