| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pyfory | pip | >= 0.12.0, < 0.12.3 | 0.12.3 |
| pyfury | pip | >= 0.1.0, <= 0.10.3 | |
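The table above gives two version ranges with different boundary rules (an exclusive upper bound for pyfory, an inclusive one for pyfury, which lists no patched release). The following triage helper is an added example, not code from the advisory or from the Apache Fory project: it encodes exactly those ranges, compares an installed version against them, and reports the upgrade target where the table provides one. The names `AFFECTED`, `FIRST_PATCHED`, `is_affected`, `remediation` and `check_installed` are this example's own.

```python
import importlib.metadata
import re

# Affected ranges copied from the advisory table. Each entry is
# (lower bound, lower inclusive?, upper bound, upper inclusive?).
# pyfury lists no patched release, so its whole range is treated as affected.
AFFECTED = {
    "pyfory": ((0, 12, 0), True, (0, 12, 3), False),  # >= 0.12.0, < 0.12.3
    "pyfury": ((0, 1, 0), True, (0, 10, 3), True),    # >= 0.1.0, <= 0.10.3
}
FIRST_PATCHED = {"pyfory": "0.12.3"}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '0.12.3' into a comparable tuple. Only the numeric release segment
    is used; a pre-release suffix such as '0.12.3rc1' is ignored. Short
    versions are padded so '0.12' compares as (0, 12, 0)."""
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))


def is_affected(package: str, version: str) -> bool:
    """True if the version lies inside the package's affected range."""
    rng = AFFECTED.get(package)
    if rng is None:
        return False
    low, low_inclusive, high, high_inclusive = rng
    v = parse_version(version)
    above_low = v >= low if low_inclusive else v > low
    below_high = v <= high if high_inclusive else v < high
    return above_low and below_high


def remediation(package: str, version: str) -> str:
    """Human-readable verdict, naming the first patched version when known."""
    if not is_affected(package, version):
        return f"{package} {version}: not in an affected range"
    fixed = FIRST_PATCHED.get(package)
    if fixed:
        return f"{package} {version}: affected, upgrade to {fixed} or later"
    return f"{package} {version}: affected, no patched release listed"


def check_installed(package: str) -> str:
    """Look up the installed distribution and apply the table to it."""
    try:
        version = importlib.metadata.version(package)
    except importlib.metadata.PackageNotFoundError:
        return f"{package}: not installed"
    return remediation(package, version)


if __name__ == "__main__":
    for pkg in ("pyfory", "pyfury"):
        print(check_installed(pkg))
```

Run it inside the environment you are auditing; `check_installed` reads the metadata of whatever is installed there, so a virtualenv that never had either package reports "not installed" rather than a false negative.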
The vulnerability, CVE-2025-61622, is a critical deserialization of untrusted data flaw in Apache Fory (pyfory). The root cause is the use of a pickle-based fallback mechanism for deserializing object types that were not explicitly registered or supported. An attacker could craft a malicious data stream that, when deserialized, would force the application to use pickle.loads, leading to arbitrary code execution.
The analysis of the patch commit 379b948ecae5c3b849e5bdb3997978c9a163e40b reveals that the core of the vulnerability was in the Fory.handle_unsupported_read method, which existed in both a pure Python (_fory.py) and a Cython (_serialization.pyx) implementation. This method was responsible for invoking pickle.load (via a pickle.Unpickler instance) on the incoming data stream if the object type was not recognized.
Several serializers, such as DynamicPyArraySerializer and NDArraySerializer, relied on this insecure fallback mechanism, making them part of the vulnerable execution path. The patch addresses the vulnerability by completely removing the pickle-based fallback. The handle_unsupported_read methods were modified to no longer use pickle, and the serializers that depended on this behavior were updated to use safer, more explicit deserialization logic. The PickleSerializer class, which was the most direct implementation of this insecure behavior, was removed entirely. Consequently, a runtime profile captured while an unpatched build was being exploited would show calls to these functions, which is the signal to look for in traces of affected deployments.
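The two paragraphs above describe one design defect: a type dispatcher that, on meeting a type it has no registered serializer for, hands the remaining bytes to pickle, so the data stream rather than the application decides which Python globals get resolved. The following is an added example, not Fory's code and not its wire format; it uses a constructed tag-length-payload encoding (`encode`, `REGISTRY`, `TAG_*` are this example's own names) to put the "before" shape (unregistered tag falls through to an Unpickler) beside the "after" shape the patch moved to (unregistered tag is an error). The `AuditingUnpickler` is instrumentation for the demo only: it records each global the stream asks for and refuses it, whereas the vulnerable path used an unrestricted Unpickler that would import and return that global. The sample stream references only `builtins.len`, which is enough to show that the stream chooses the name.

```python
import io
import pickle
import struct

# Constructed wire format for this example, not Fory's real protocol:
# 1-byte type tag, 4-byte big-endian payload length, then the payload.
TAG_INT = 1
TAG_STR = 2
TAG_UNREGISTERED = 255  # no decoder is registered for this tag


def encode(tag: int, payload: bytes) -> bytes:
    return struct.pack(">BI", tag, len(payload)) + payload


def _split(data: bytes) -> tuple[int, bytes]:
    tag, length = struct.unpack(">BI", data[:5])
    payload = data[5:5 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    return tag, payload


# Explicit registry: these are the only tags the application knows how to decode.
REGISTRY = {
    TAG_INT: lambda b: int.from_bytes(b, "big", signed=True),
    TAG_STR: lambda b: b.decode("utf-8"),
}


class AuditingUnpickler(pickle.Unpickler):
    """Demo instrumentation: record every global the pickle stream asks to
    resolve, then refuse it. The vulnerable code used a plain pickle.Unpickler,
    which would have imported and returned that global instead."""

    def __init__(self, stream, requested: list):
        super().__init__(stream)
        self.requested = requested

    def find_class(self, module, name):
        self.requested.append(f"{module}.{name}")
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def decode_with_pickle_fallback(data: bytes, requested: list):
    """'Before' shape: an unregistered tag falls through to pickle, so the
    data stream decides which globals get looked up."""
    tag, payload = _split(data)
    decoder = REGISTRY.get(tag)
    if decoder is None:
        return AuditingUnpickler(io.BytesIO(payload), requested).load()
    return decoder(payload)


class UnsupportedTypeError(ValueError):
    """Raised for tags that have no registered decoder."""


def decode_strict(data: bytes):
    """'After' shape: no fallback at all; an unregistered tag is an error."""
    tag, payload = _split(data)
    decoder = REGISTRY.get(tag)
    if decoder is None:
        raise UnsupportedTypeError(f"no decoder registered for tag {tag}")
    return decoder(payload)


def globals_requested_by_fallback(data: bytes) -> list[str]:
    """Run the 'before' decoder under instrumentation and report which globals
    the embedded pickle tried to resolve (empty for a registered tag)."""
    requested: list[str] = []
    try:
        decode_with_pickle_fallback(data, requested)
    except pickle.UnpicklingError:
        pass
    return requested


def strict_rejects(data: bytes) -> bool:
    """True if the hardened decoder refuses the stream."""
    try:
        decode_strict(data)
    except UnsupportedTypeError:
        return True
    return False


# Constructed samples: a benign pickle that merely references builtins.len,
# and a registered integer payload.
SAMPLE_UNREGISTERED = encode(TAG_UNREGISTERED, pickle.dumps(len, protocol=4))
SAMPLE_INT = encode(TAG_INT, (1234).to_bytes(4, "big", signed=True))

if __name__ == "__main__":
    print("before, globals chosen by the stream:", globals_requested_by_fallback(SAMPLE_UNREGISTERED))
    print("after, stream rejected:", strict_rejects(SAMPLE_UNREGISTERED))
    print("after, registered type still decodes:", decode_strict(SAMPLE_INT))
```

The point of the contrast is that the registered types decode identically in both shapes; only the unknown-type branch changes, which is why the patch could drop the fallback and PickleSerializer without touching the format of supported types. Overriding `find_class` is also the standard way to confine pickle where it genuinely must be used, but the patch's approach of not reaching pickle at all is the stronger fix.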