PT-2025-40450 · Datachain · Datachain

Shcheklein · Published 2025-10-02 · Updated 2025-10-27 · CVE-2025-61677

CVSS v3.1: 2.5 (Low)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: DataChain versions 0.34.1 and below

Description: DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. In the loader.py module, the library reads serialized objects from environment variables, specifically DATACHAIN_METASTORE and DATACHAIN_WAREHOUSE, and deserializes them without validation, which is deserialization of untrusted data. An attacker who can set these environment variables can trigger code execution when the application loads.

Recommendations: Update to version 0.34.2 or later.
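Added illustration of the pattern the advisory describes, not DataChain's own loader.py: a constructed loader that unpickles a base64 value taken from one of the environment variables named above, beside a hardened variant that accepts only JSON routed through a class allowlist, plus a small detection helper for spotting pickle streams in those variables. The `Metastore` class, the `BACKENDS` allowlist and the base64 encoding are assumptions made for the example.

```python
import base64
import json
import os
import pickle


class Metastore:
    """Constructed stand-in backend; 'uri' is its only configurable field."""

    def __init__(self, uri: str) -> None:
        self.uri = uri


# Allowlist: the only classes a config value is permitted to instantiate.
BACKENDS = {"Metastore": Metastore}


def unsafe_load(key: str, env=os.environ):
    """Vulnerable pattern: whoever controls the environment controls the
    pickle stream, and pickle.loads reconstructs objects before the
    application gets a chance to check anything."""
    raw = env.get(key)
    return pickle.loads(base64.b64decode(raw)) if raw else None


def safe_load(key: str, env=os.environ):
    """Hardened pattern: plain JSON, an explicit class allowlist and strict
    argument validation, so parsing the value never executes code."""
    raw = env.get(key)
    if not raw:
        return None
    cfg = json.loads(raw)
    cls = BACKENDS.get(cfg.get("class")) if isinstance(cfg, dict) else None
    if cls is None:
        raise ValueError(f"{key}: backend class is not in the allowlist")
    args = cfg.get("args", {})
    if set(args) != {"uri"} or not isinstance(args["uri"], str):
        raise ValueError(f"{key}: unexpected arguments {sorted(args)}")
    return cls(**args)


def looks_like_pickle(value: str) -> bool:
    """Detection aid: a base64-encoded pickle (protocol 2 or newer) starts
    with the PROTO opcode 0x80; such a value in these variables warrants a look."""
    try:
        return base64.b64decode(value, validate=True)[:1] == b"\x80"
    except (ValueError, TypeError):
        return False
```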


Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2025-61677
GHSA-6PX8-MR29-CJ4R
ZDI-25-965

Affected Products

Datachain