关键漏洞信息 CVE ID: CVE-2025-13713 CVSS Score: 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Vendor: Tencent Affected Product: Hunyuan3D-1 Vulnerability Type: Untrusted Data Remote Code Execution Vulnerability Details: - The function has a flaw due to improper validation of user-supplied data, leading to deserialization of untrusted data. - An attacker may exploit this to execute arbitrary code with root privileges. Additional Details: - Tencent has released an update to address this issue. - For more information: https://github.com/Tencent-Hunyuan/Hunyuan3D-1/commit/454284503670312d4e06f6251c9be2f9f6d0fae7 Disclosure Timeline: - Vulnerability reported to vendor: 2025-05-22 - Coordinated public release of advisory: 2025-12-01 - Advisory Updated: 2025-12-01 Credit: Peter Girnus (@gothburz) of Trend Zero Day Initiative