Unrated severityNVD Advisory· Published Mar 3, 2026· Updated Mar 12, 2026

CVE-2025-57622

Description

An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loads(request.get_data()) component

Affected products

Step-Video-T2V/Step-Video-T2Vdescription
Step-Video-T2V/Step-Video-T2Vllm-create

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/stepfun-ai/Step-Video-T2V/blob/main/api/call_remote_server.pymitre
github.com/stepfun-ai/Step-Video-T2V/issues/65mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000