CVE-2025-23045: Arbitrary Code Execution Vulnerability in Computer Vision Annotation Tool (CVAT) and How to Mitigate It

Computer Vision Annotation Tool (CVAT) is a widely used interactive video and image annotation tool developed to assist in labeling data for computer vision algorithms. However, recent findings have revealed a critical vulnerability (CVE-2025-23045) that allows an attacker to execute arbitrary code on the CVAT server. This article provides a detailed overview of the vulnerability, affected components, and mitigation steps you can take to protect your CVAT deployment.

Affected Components

The vulnerability affects CVAT deployments running any of the serverless functions of type 'tracker' from the official CVAT Git Repository (https://github.com/openvinotoolkit/cvat). Specifically, the TransT and SiamMask functions are vulnerable. Custom implementations of type 'tracker' may also be affected if they use unsafe serialization libraries such as pickle or jsonpickle.

Vulnerability Details

An attacker with an account on a vulnerable instance of CVAT can run arbitrary code within the context of the Nuclio function container. The attacker can achieve this by exploiting the unsafe state serialization practices employed in the TransT and SiamMask functions. For instance, if these functions use Python's "pickle" or "jsonpickle" libraries for serialization, they're exposing themselves to arbitrary code execution attacks. Untrusted data loaded through these serialization libraries can contain malicious objects that, when deserialized, result in the execution of unauthorized code.

To demonstrate the vulnerability, we can use the following code snippet

import pickle
class Exploit(object):
    def __reduce__(self):
        return (exec, ("ls",))
payload = pickle.dumps(Exploit())
result = pickle.loads(payload)

This example uses the 'pickle' library to serialize and deserialize a custom exploit object. When deserialized, the exploit object executes the 'ls' command, which signifies arbitrary code execution.

Mitigation Steps

To protect your CVAT deployment from arbitrary code execution attacks, it's essential to follow these steps:

1. Upgrade to CVAT 2.26. or later. The latest version of CVAT addresses this vulnerability and provides enhanced security measures. You can find the latest version at the official GitHub repository (https://github.com/openvinotoolkit/cvat/releases).

2. If upgrading to the latest version is not possible, you should at least shut down any instances of the TransT or SiamMask functions you're running. Doing so will significantly reduce the risk of exploitation.

3. Avoid using unsafe serialization libraries such as pickle or jsonpickle in your custom 'tracker' functions. Instead, consider using safer alternatives like JSON or MessagePack.

4. Ensure that all CVAT users have strong password policies and limit users' access to the system based on their roles.

Conclusion

The CVE-2025-23045 vulnerability presents a significant security risk for CVAT deployments using the vulnerable versions. By following the mitigation steps outlined in this article, you can significantly reduce the risk of arbitrary code execution attacks on your CVAT deployment. It's important to keep your software up to date and ensure that you follow best practices to maintain a secure environment.

Timeline

Published on: 01/28/2025 16:15:40 UTC