Deserialization Flaw in Tencent MimicMotion Allows Remote Code Execution
CVE-2025-13716
7.8HIGH
What is CVE-2025-13716?
A vulnerability exists in Tencent MimicMotion's create_pipeline function, which improperly validates user-supplied data. This flaw allows remote attackers to execute arbitrary code on compromised installations when the user interacts with a malicious page or file. By exploiting this vulnerability, an attacker can gain root-level access, risking system integrity and confidentiality.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
MimicMotion Current
References
CVSS V3.0
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved