-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pyfory | pip | >= 0.12.0, < 0.12.3 | 0.12.3 |
| pyfury | pip | >= 0.1.0, <= 0.10.3 |
Miggo AIRoot Cause AnalysisThe vulnerability, CVE-2025-61622, is a critical deserialization of untrusted data flaw in Apache Fory (pyfory). The root cause is the use of a pickle-based fallback mechanism for deserializing object types that were not explicitly registered or supported. An attacker could craft a malicious data stream that, when deserialized, would force the application to use pickle.loads, leading to arbitrary code execution.
The analysis of the patch commit 379b948ecae5c3b849e5bdb3997978c9a163e40b reveals that the core of the vulnerability was in the Fory.handle_unsupported_read method, which existed in both a pure Python (_fory.py) and a Cython (_serialization.pyx) implementation. This method was responsible for invoking pickle.load (via a pickle.Unpickler instance) on the incoming data stream if the object type was not recognized.
Several serializers, such as DynamicPyArraySerializer and NDArraySerializer, relied on this insecure fallback mechanism, making them part of the vulnerable execution path. The patch addresses the vulnerability by completely removing the pickle-based fallback. The handle_unsupported_read methods were modified to no longer use pickle, and the serializers that depended on this behavior were updated to use safer, more explicit deserialization logic. The PickleSerializer class, which was the most direct implementation of this insecure behavior, was removed entirely. Therefore, any runtime profile during exploitation would have shown calls to these identified functions before the patch was applied.