PT-2026-34667 · Pipecat · Pipecat

Published 2026-04-23 · Updated 2026-05-01 · CVE-2025-62373

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Pipecat versions 0.0.41 through 0.0.93

Description: An issue exists in the LivekitFrameSerializer class, an optional and deprecated frame serializer used for LiveKit integration. The deserialize() function in src/pipecat/serializers/livekit.py passes data received from WebSocket clients to Python's pickle.loads() without validation or sanitization. Because pickle reconstructs arbitrary objects, including importable callables named in the stream, a malicious client can send a specially crafted pickle payload to execute arbitrary code on the server. This can lead to full system compromise if the server is configured to use this serializer and is listening on an external interface.

Recommendations: Update to version 0.0.94 or later and switch to the recommended LiveKitTransport or another secure method provided by the framework. Stop using the LivekitFrameSerializer class entirely. Bind the server to 127.0.0.1 instead of 0.0.0.0 to prevent external network access. Implement authentication and authorization on WebSocket connections to restrict who can send data.
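As an added, stand-alone illustration (not Pipecat's code and not the 0.0.94 fix), the pattern the description reports is shown beside a deserializer whose find_class() refuses every import, so the stream can only yield plain data; the payloads are constructed, and the advisory's actual remedy remains to stop using the serializer rather than to harden pickle.

```python
import io
import pickle

# Constructed sample payloads (not captured traffic). The first is plain data
# of the kind a frame serializer might legitimately carry; the second pickles
# a harmless builtin, which still requires resolving a GLOBAL reference, the
# capability an untrusted peer must never control. Protocol 4 is pinned so
# bytes are emitted as BINBYTES rather than via a _codecs.encode global.
PLAIN_DATA_PAYLOAD = pickle.dumps({"type": "audio", "pcm": b"\x00\x01\x02"}, protocol=4)
GLOBAL_REF_PAYLOAD = pickle.dumps(len, protocol=4)


def unsafe_deserialize(data: bytes):
    """The pattern the advisory describes: pickle.loads() on bytes taken
    straight from a WebSocket client. pickle imports and calls whatever the
    payload names, so the sender decides what runs on the server."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every GLOBAL/STACK_GLOBAL lookup, so only built-in scalar and
    container types can be reconstructed from the stream."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"refusing to resolve {module}.{name} from untrusted data"
        )


def safe_deserialize(data: bytes):
    """Drop-in replacement for pickle.loads() that cannot import anything."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def classify_payload(data: bytes) -> str:
    """Defender-side triage: 'data' when the stream decodes to plain data,
    'rejected' when it tries to reference any importable object."""
    try:
        safe_deserialize(data)
        return "data"
    except pickle.UnpicklingError:
        return "rejected"


if __name__ == "__main__":
    for label, payload in (("plain", PLAIN_DATA_PAYLOAD), ("global", GLOBAL_REF_PAYLOAD)):
        print(label, classify_payload(payload))
```

The same restriction also stops legitimate pickled class instances, which is why a data-only format such as JSON is the usual replacement for network-facing serializers.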

Tags: Exploit · Fix · RCE

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers: CVE-2025-62373, GHSA-C2JG-5CP7-6WC7

Affected Products: Pipecat