CVE-2025-3165
📋 TL;DR
This vulnerability allows local attackers to execute arbitrary code through unsafe deserialization in the thu-pacman chitu package. Attackers can exploit the torch.load function in backend.py by manipulating checkpoint path arguments. Only users running vulnerable versions of this specific software are affected.
💻 Affected Systems
- thu-pacman chitu
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with arbitrary code execution as the user running the vulnerable software, potentially leading to data theft, privilege escalation, or lateral movement.
Likely Case
Local privilege escalation or arbitrary code execution within the context of the vulnerable application, allowing attackers to access sensitive data or modify system behavior.
If Mitigated
Limited impact with proper access controls and sandboxing, potentially only affecting isolated application data.
🎯 Exploit Status
Requires local access to the system running vulnerable software. Exploitation involves manipulating checkpoint path arguments to trigger unsafe deserialization.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: https://github.com/thu-pacman/chitu/issues/32
Restart Required: No
Instructions:
No official patch is available. Monitor the GitHub repository for updates. Consider removing or replacing the vulnerable software.
🔧 Temporary Workarounds
Input validation and sanitization
Platform: all. Implement strict validation of checkpoint path arguments before passing them to the torch.load function.
# Modify backend.py to validate ckpt_path/quant_ckpt_dir parameters
# Add path sanitization and whitelist validation
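One way to implement the path check described above, as an added example that is not chitu's own code or an official fix. The helper name, the allowed-suffix set and the allowed-root argument are assumptions; the sketch uses only the standard library and targets POSIX permission bits.

```python
import stat
from pathlib import Path

# Assumption: extensions accepted for checkpoints; adjust to the deployment.
ALLOWED_SUFFIXES = {".pt", ".pth", ".bin"}


class CheckpointPathError(ValueError):
    """Raised when a checkpoint path fails validation."""


def validate_checkpoint_path(user_path, allowed_root):
    """Return the resolved checkpoint path, or raise CheckpointPathError.

    Hypothetical helper: call it on ckpt_path, or on each file under
    quant_ckpt_dir, before the value reaches torch.load.
    """
    root = Path(allowed_root).resolve(strict=True)
    try:
        # resolve() collapses ".." and follows symlinks, so the containment
        # check below sees the real target rather than the supplied string.
        candidate = (root / user_path).resolve(strict=True)
    except (OSError, RuntimeError, ValueError) as exc:
        raise CheckpointPathError(f"cannot resolve {user_path!r}") from exc
    try:
        candidate.relative_to(root)
    except ValueError as exc:
        raise CheckpointPathError(f"{candidate} is outside {root}") from exc
    if candidate.suffix not in ALLOWED_SUFFIXES:
        raise CheckpointPathError(f"unexpected suffix {candidate.suffix!r}")
    if not stat.S_ISREG(candidate.stat().st_mode):
        raise CheckpointPathError(f"{candidate} is not a regular file")
    # A file or directory other local users can write to is not trusted input.
    for p in (candidate, candidate.parent):
        if p.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise CheckpointPathError(f"{p} is group- or world-writable")
    return candidate


# Caller side (not executed here): the path check does not inspect file
# contents, so also restrict unpickling to tensors when loading, e.g.
# torch.load(validated_path, weights_only=True).
```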
Restrict file system access
Platform: linux. Run chitu with minimal privileges and restrict access to sensitive directories.
# Run as non-root user
# chmod 700 /path/to/chitu/directories
# Use chroot or containerization
🧯 If You Can't Patch
- Remove or disable the vulnerable chitu package from production systems
- Implement strict access controls and monitor for suspicious local activity
🔍 How to Verify
Check if Vulnerable:
Check if chitu version 0.1.0 is installed and if backend.py contains vulnerable torch.load calls without proper input validation.
Check Version:
pip show chitu | grep Version
Verify Fix Applied:
Verify that checkpoint path arguments are properly validated before deserialization, or that the software has been updated or removed.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns from chitu processes
- Errors or warnings related to torch.load deserialization
- Unexpected process execution from chitu context
Network Indicators:
- Not applicable - local vulnerability only
SIEM Query:
process_name:"python" AND process_args:"chitu" AND (event_type:"file_access" OR event_type:"process_execution")