7.8
CVE-2025-13715: Tencent FaceDetection-DSFD allows remote code execution through malicious pages or files
CVE-2025-13715
Summary
The Tencent FaceDetection-DSFD software does not properly validate user-supplied data, which can result in deserialization of untrusted data. An attacker who tricks a user into visiting a malicious webpage or opening a malicious file can take control of the affected system, which could lead to unauthorized access and potentially serious consequences. To protect against this, ensure that users are cautious when interacting with unknown web content and verify the source of any files before opening them.
Original title
Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installatio...
Original description
Tencent FaceDetection-DSFD resnet Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent FaceDetection-DSFD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the resnet endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27197.
nvd CVSS3.0
7.8
Vulnerability type
CWE-502
Deserialization of Untrusted Data
Published: 23 Dec 2025 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026