PT-2025-26242 · Upsonic · Upsonic

Resp4Ss · Published 2025-06-19 · Updated 2025-06-20 · CVE-2025-6279

CVSS v3.1: 8.0 (High)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Upsonic versions up to 0.55.6

Description

A critical issue has been found in the Pickle Handler component of Upsonic, affecting the cloudpickle.loads function. The issue leads to deserialization of untrusted data. The exploit has been disclosed to the public and may be used.

Recommendations

For versions up to 0.55.6, consider disabling the cloudpickle.loads function in the Pickle Handler component as a temporary workaround until a patch is available. Restrict access to the /tools/add tool file to minimize the risk of exploitation.
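Disabling cloudpickle.loads starts with finding every place it is called. The following is an added example, not Upsonic's code or part of the advisory: a Python AST check that reports pickle-family load calls, including aliased imports. The sample source and all function names are constructed, and covering pickle and dill alongside cloudpickle goes beyond what the advisory names.

```python
import ast

# Modules whose load()/loads() can run code embedded in the serialized data.
UNSAFE_MODULES = {"pickle", "cloudpickle", "dill"}
UNSAFE_FUNCS = {"loads", "load"}


def find_unsafe_loads(source):
    """Return sorted (line, "module.func") pairs for pickle-family load calls."""
    tree = ast.parse(source)
    module_alias = {}  # local name -> module, e.g. cp -> cloudpickle
    func_alias = {}    # local name -> "module.func", e.g. restore -> cloudpickle.loads
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name in UNSAFE_MODULES:
                    module_alias[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module in UNSAFE_MODULES:
            for a in node.names:
                if a.name in UNSAFE_FUNCS:
                    func_alias[a.asname or a.name] = f"{node.module}.{a.name}"
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                and f.value.id in module_alias and f.attr in UNSAFE_FUNCS):
            hits.append((node.lineno, f"{module_alias[f.value.id]}.{f.attr}"))
        elif isinstance(f, ast.Name) and f.id in func_alias:
            hits.append((node.lineno, func_alias[f.id]))
    return sorted(hits)


# Constructed sample (not Upsonic source): aliases a grep for "cloudpickle.loads" misses.
SAMPLE = '''\
import cloudpickle as cp
from cloudpickle import loads as restore
import json
def add_tool(body):
    return cp.loads(body)
def add_tool_v2(body):
    return restore(body)
def parse(body):
    return json.loads(body)
'''

if __name__ == "__main__":
    print(find_unsafe_loads(SAMPLE))
```

The check is static and only follows direct imports, so calls reached through getattr or re-exporting wrapper modules need a separate review.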

Exploit

Fix

RCE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2025-6279
GHSA-RPFV-46XJ-5984
PYSEC-2025-68

Affected Products

Upsonic