PT-2025-42654 · Pyquokka · Pyquokka

Published 2025-10-17 · Updated 2025-10-22 · CVE-2025-62515

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: pyquokka versions 0.3.1 and earlier; marsupialtail quokka versions 3.0.1 and earlier
Description: pyquokka contains a critical remote code execution (RCE) flaw stemming from insecure deserialization of data received from Flight clients. The FlightServer class calls pickle.loads() without sanitization or validation inside the do_action() method, located in pyquokka/flight.py at line 283. When the FlightServer is configured to listen on 0.0.0.0, this allows attackers across the network to execute arbitrary code by sending malicious pickled payloads through the set_configs action. Additional vulnerable functions include cache_garbage_collect, do_put, and do_get, which also use pickle.loads() to deserialize untrusted remote data. An attacker can exploit this by sending a crafted pickle dump, such as a payload designed to execute the 'ls -l' command, leading to complete system compromise, data exfiltration, and potential lateral movement within the network.
Recommendations: For versions prior to 0.3.1 (pyquokka) and versions prior to 3.0.1 (marsupialtail quokka): replace pickle.loads() with safer alternatives such as JSON serialization, Protocol Buffers, or MessagePack. If pickle must be used, implement a custom Unpickler with a restricted find_class() method that only allows whitelisted classes.
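The restricted-Unpickler mitigation named above, as an added illustration that is not pyquokka's own code: a find_class() override that resolves only an explicit allowlist of globals, so a pickle stream that references anything else (for example a module-level function) is refused before any object is built, plus a JSON decoder as the "safer alternative" path. The allowlist, the helper names, and the sample payloads are assumptions constructed for this example; pyquokka's real configuration objects are not known here.

```python
import io
import json
import os
import pickle

# Allowlist of (module, name) pairs the unpickler may resolve. Anything not
# listed, including callables reachable through os or subprocess, is refused
# before instantiation. Hypothetical: only plain builtins are allowed here.
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "set"),
    ("builtins", "tuple"),
    ("builtins", "str"),
    ("builtins", "int"),
    ("builtins", "float"),
    ("builtins", "bool"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose find_class() only honours the allowlist above."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        # Raising here aborts the load; no REDUCE/BUILD opcode can run.
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name}: not on allowlist"
        )


def safe_loads(data: bytes):
    """Drop-in replacement for pickle.loads() that refuses unknown globals."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def classify_payload(data: bytes) -> str:
    """Return 'accepted' or 'rejected: <reason>' for a received pickle blob."""
    try:
        safe_loads(data)
        return "accepted"
    except pickle.UnpicklingError as exc:
        return f"rejected: {exc}"


def decode_configs_json(data: bytes) -> dict:
    """Preferred replacement: accept configs as JSON, which can only yield data."""
    obj = json.loads(data.decode("utf-8"))
    if not isinstance(obj, dict):
        raise ValueError("configs payload must be a JSON object")
    return obj


# Constructed sample payloads (not captured traffic).
def sample_benign_payload() -> bytes:
    """Plain data only; pickle emits no GLOBAL opcode for this."""
    return pickle.dumps({"workers": 4, "hosts": ["a", "b"]})


def sample_global_reference_payload() -> bytes:
    """References a function by module/name; harmless, but outside the allowlist."""
    return pickle.dumps(os.getcwd)


if __name__ == "__main__":
    print(classify_payload(sample_benign_payload()))
    print(classify_payload(sample_global_reference_payload()))
    print(decode_configs_json(b'{"workers": 4}'))
```

The allowlist approach still requires auditing every class that is allowed (a permitted class with a permissive __setstate__ or __reduce__ reintroduces the problem), which is why the JSON path is the better default for configuration data.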

Exploit

Fix

RCE

Deserialization of Untrusted Data


Weakness Enumeration

Related Identifiers

CVE-2025-62515
GHSA-F74J-GFFQ-VM9P

Affected Products

Pyquokka