PT-2025-39961 · Apache · Apache Fory
Bugbunny_Ai · Published 2025-09-30 · Updated 2026-05-30 · CVE-2025-61622
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: pyfory versions 0.12.0 through 0.12.2; pyfury versions 0.1.0 through 0.10.3

Description: Deserialization of untrusted data in Python allows arbitrary code execution. An application is susceptible if it reads serialized data from untrusted sources. An attacker can craft a data stream that triggers the pickle-fallback serializer during deserialization, leading to the execution of the pickle.loads() function, which enables remote code execution.

Recommendations: Upgrade pyfory to version 0.12.3 or later. Upgrade pyfury to pyfory version 0.12.3 or later.
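The description above turns on the pickle fallback: once an untrusted stream reaches pickle.loads(), every global the stream names is imported and can be called. The Python below is an added illustration, not code from this advisory or from Apache Fory, of two defender-side controls for an application that cannot avoid handling pickle-format data: a static scan of the opcode stream with pickletools that lists the globals a stream would import without executing it (useful for triage of captured payloads), and an Unpickler subclass whose find_class() refuses any global not on an explicit allowlist. The function names, the allowlist shape and the sample streams are this example's own constructions; it does not model pyfory's fallback path, and the upgrade in the recommendation is the actual fix.

```python
import io
import pickle
import pickletools

# Opcodes that push a str onto the stack. STACK_GLOBAL (protocol 4+) takes its
# module and attribute name from the two most recently pushed strings.
_STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data: bytes) -> list:
    """Statically list the (module, name) pairs a pickle stream would import.

    Walks the opcodes with pickletools.genops, so nothing in the stream runs.
    Recovering STACK_GLOBAL operands from the most recent string pushes is a
    triage heuristic that covers what pickle.dumps itself emits; a stream that
    builds those strings through memo lookups is reported as unknown.
    """
    found = []
    recent = []  # strings pushed so far, in order
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in _STRING_OPS:
            recent.append(arg)
        elif opcode.name in ("GLOBAL", "INST"):
            # genops renders the two newline-terminated operands as "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            if len(recent) >= 2:
                found.append((recent[-2], recent[-1]))
            else:
                found.append(("<unknown>", "<unknown>"))
    return found


def disallowed_globals(data: bytes, allowed=()) -> list:
    """Globals the stream references that are not on the allowlist."""
    allowed = frozenset(allowed)
    return [g for g in referenced_globals(data) if g not in allowed]


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals.

    Every GLOBAL / STACK_GLOBAL / INST / OBJ opcode goes through find_class(),
    so refusing here prevents the stream from obtaining any callable at all,
    which is what a REDUCE-based payload needs.
    """

    def __init__(self, file, allowed):
        super().__init__(file)
        self._allowed = frozenset(allowed)

    def find_class(self, module, name):
        if (module, name) not in self._allowed:
            raise pickle.UnpicklingError(
                f"refusing to import {module}.{name}: not on the allowlist")
        return super().find_class(module, name)


def safe_loads(data: bytes, allowed=()):
    """Load a pickle stream, raising UnpicklingError on any non-allowlisted global."""
    return RestrictedUnpickler(io.BytesIO(data), allowed).load()


# Constructed sample streams (not from the advisory): plain data, and streams
# that reference a global in both the protocol-4 and protocol-3 encodings.
# `len` stands in for whatever callable an attacker-controlled stream would name.
SAMPLE_PLAIN = pickle.dumps({"user": "alice", "roles": ["viewer"]})
SAMPLE_WITH_GLOBAL = pickle.dumps(len)
SAMPLE_WITH_GLOBAL_P3 = pickle.dumps(len, protocol=3)


if __name__ == "__main__":
    for label, stream in (("plain", SAMPLE_PLAIN),
                          ("global/p4", SAMPLE_WITH_GLOBAL),
                          ("global/p3", SAMPLE_WITH_GLOBAL_P3)):
        print(label, "imports:", referenced_globals(stream))
        try:
            print(label, "loaded:", safe_loads(stream))
        except pickle.UnpicklingError as exc:
            print(label, "rejected:", exc)
```

In practice the scan runs first, at the trust boundary, so a stream naming anything outside the allowlist is logged and dropped before any unpickling starts; the restricted unpickler is the second layer for streams that pass the scan. An empty allowlist, the default here, accepts only builtin container and scalar types, which is the right starting point for data arriving from an untrusted source.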

Fix

RCE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2025-61622
GHSA-538V-3WQ9-4H3R

Affected Products

Apache Fory