Miggo Logo
Miggo Vulnerability Database
CVE-2025-61765

CVE-2025-61765: python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments

6.4

CVSS Score
3.1

Basic Information

CVE ID
CVE-2025-61765
GHSA ID
GHSA-g8c6-8fjj-2r4m
EPSS Score
0.56725%
CWE
CWE-502
Published
10/7/2025
Updated
10/7/2025
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
python-socketiopip>= 0.8.0, < 5.14.05.14.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability is a classic case of insecure deserialization (CWE-502) within the python-socketio library. The issue arises when multiple python-socketio servers are configured in a cluster using a message queue (like Redis, RabbitMQ, Kafka, etc.) for inter-process communication. The library used Python's pickle module to serialize and deserialize messages exchanged between these servers.

An attacker who gains access to this internal message queue can inject a malicious, specially crafted pickle payload. When a server process retrieves this message from the queue, it uses pickle.loads() to deserialize it. The pickle module is not secure against erroneous or maliciously constructed data. A malicious pickle can be constructed to execute arbitrary code upon deserialization, leading to a Remote Code Execution (RCE) vulnerability in the context of the server process.

The provided patch mitigates this vulnerability by completely removing the usage of pickle for serialization across all message queue managers (Redis, Kafka, RabbitMQ, ZMQ). It replaces pickle with the much safer json module. JSON is a pure data format and does not have the capability to execute code, thus eliminating the deserialization vulnerability.

The identified vulnerable functions are the specific methods within the various message queue manager classes that were responsible for calling pickle.loads() on incoming data from the queue. These functions represent the direct entry point for the exploit.

Vulnerable functions

AsyncPubSubManager._thread
src/socketio/async_pubsub_manager.py
This asynchronous method processes messages from a pub/sub queue. It attempts to deserialize byte-based messages using `pickle.loads`, which is unsafe and can lead to remote code execution if the message is a malicious pickle payload from a compromised message queue.
PubSubManager._thread
src/socketio/pubsub_manager.py
This is the synchronous version of `AsyncPubSubManager._thread`. It processes messages from a pub/sub queue and insecurely deserializes byte-based messages using `pickle.loads`, creating a remote code execution vulnerability.
AioPikaManager._listen
src/socketio/async_aiopika_manager.py
This method listens for messages from a RabbitMQ queue (via aio-pika) and directly deserializes the message body using `pickle.loads`. This makes it a direct vector for the RCE vulnerability.
KafkaManager._listen
src/socketio/kafka_manager.py
This method consumes messages from a Kafka topic and uses `pickle.loads` to deserialize the message value. An attacker with access to the Kafka topic could place a malicious payload, which would be executed by the server process.
ZmqManager._listen
src/socketio/zmq_manager.py
This method receives messages from a ZeroMQ socket and deserializes them using `pickle.loads`. This is an insecure operation that exposes the application to remote code execution if the ZMQ transport layer is compromised.

WAF Protection Rules

WAF Rule

### Summ*ry * r*mot* *o** *x**ution vuln*r**ility in pyt*on-so*k*tio v*rsions prior to *.**.* *llows *tt**k*rs to *x**ut* *r*itr*ry Pyt*on *o** t*rou** m*li*ious pi*kl* **s*ri*liz*tion in multi-s*rv*r **ploym*nts on w*i** t** *tt**k*r pr*viously **in

Reasoning

T** vuln*r**ility is * *l*ssi* **s* o* ins**ur* **s*ri*liz*tion (*W*-***) wit*in t** `pyt*on-so*k*tio` li*r*ry. T** issu* *ris*s w**n multipl* `pyt*on-so*k*tio` s*rv*rs *r* *on*i*ur** in * *lust*r usin* * m*ss*** qu*u* (lik* R**is, R***itMQ, K**k*, *