PT-2025-45693 — Deserialization of Untrusted Data in Pypi Cryptidy

PT-2025-45693 · Pypi · Cryptidy

Published

2025-10-31

Updated

2025-10-31

CVSS v3.1

6.9

Medium

Vector

AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes decrypt message in symmetric encryption.py.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

GHSA-97W9-V595-3H5Q

Affected Products

Cryptidy

PT-2025-45693 · Pypi · Cryptidy

Weakness Enumeration

Related Identifiers

Affected Products

References · 5