
CVE-2025-63675: cryptidy allows code execution via untrusted data due to pickle.loads

CVSS Score: 6.9 (CVSS 3.1)

Basic Information

EPSS Score: 0.08267%
Published: 10/31/2025
Updated: 10/31/2025
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
cryptidy | pip | <= 1.2.4 | (none)

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability exists because the cryptidy library uses pickle.loads() to deserialize data that has been decrypted. This is a dangerous practice when the encrypted data can be controlled by an attacker, as it allows for arbitrary code execution. The core of the vulnerability lies in the aes_decrypt_message function within cryptidy/symmetric_encryption.py. This function is called by several other functions in the library, including decrypt_message in the same file, and rsa_decrypt_message and decrypt_message in cryptidy/asymmetric_encryption.py. Therefore, both symmetric and asymmetric decryption operations are vulnerable. The analysis of the provided code and commit history confirms the presence of the vulnerable pickle.loads() call and the call chains that lead to it. Since there is no patched version available, any usage of these decryption functions in cryptidy version 1.2.4 and below is insecure.

Vulnerable functions

aes_decrypt_message (cryptidy/symmetric_encryption.py)
This function is the core of the vulnerability. It takes decrypted data and uses `pickle.loads()` to deserialize it. An attacker can provide a specially crafted payload that, when deserialized, will execute arbitrary code on the system. The function is present in the vulnerable versions of the library.

decrypt_message (cryptidy/symmetric_encryption.py)
This function is a wrapper around the vulnerable `aes_decrypt_message` function. It decodes a base64-encoded message and passes it to `aes_decrypt_message`, which then uses `pickle.loads()` on the decrypted data, leading to potential remote code execution.

rsa_decrypt_message (cryptidy/asymmetric_encryption.py)
This function, used for asymmetric decryption, decrypts an AES session key and then calls the vulnerable `aes_decrypt_message` function with the encrypted message and the decrypted session key. This exposes the application to the same `pickle.loads()` vulnerability.

decrypt_message (cryptidy/asymmetric_encryption.py)
This function is a wrapper for `rsa_decrypt_message`. It decodes a base64-encoded message and passes it to `rsa_decrypt_message`, which in turn calls the vulnerable `aes_decrypt_message` function, leading to the `pickle.loads()` vulnerability.
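The call chains above all end at the same step: decrypted bytes handed to `pickle.loads()`. The following is an added example, not cryptidy's code and not a patch for it, that isolates that deserialization step with the standard library only. It shows the pattern the advisory describes (`unsafe_loads`) beside two defender-side alternatives: an `Unpickler` subclass whose `find_class()` refuses every global lookup, so only data-only pickles load, and a JSON envelope that cannot reference code at all. All function and constant names here are assumptions for illustration; the sample payloads are constructed and stand in for whatever a decryption would return.

```python
"""Added example (not cryptidy code): the deserialization step behind CVE-2025-63675."""
import io
import json
import pickle


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler whose find_class() always refuses.

    Every pickle payload that reaches code does so through a global reference
    resolved by find_class(); a payload limited to dicts, lists, tuples, str,
    int, float, bool, None and bytes never triggers that lookup.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"refusing global reference {module}.{name} in untrusted payload"
        )


def unsafe_loads(plaintext: bytes):
    """The pattern the advisory describes: decrypted bytes straight into pickle.loads()."""
    return pickle.loads(plaintext)


def restricted_loads(plaintext: bytes):
    """Drop-in replacement for pickle.loads that only accepts data-only pickles."""
    return NoGlobalsUnpickler(io.BytesIO(plaintext)).load()


def json_dumps(obj) -> bytes:
    """Serialize a message body as JSON bytes before encryption; no object graph."""
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode("utf-8")


def json_loads(plaintext: bytes):
    """Deserialize after decryption; JSON can only yield plain data types."""
    return json.loads(plaintext.decode("utf-8"))


def load_outcome(loader, plaintext: bytes) -> str:
    """Run one loader on one payload and report 'accepted' or 'rejected' (constructed helper)."""
    try:
        loader(plaintext)
    except (pickle.UnpicklingError, ValueError):  # UnicodeDecodeError/JSONDecodeError are ValueErrors
        return "rejected"
    return "accepted"


# Constructed sample plaintexts, standing in for what a decryption would return.
MESSAGE = {"user": "alice", "roles": ["reader"], "n": 3}
DATA_PICKLE = pickle.dumps(MESSAGE)
# A pickle that names a global (the harmless builtins.len). Any pickle that
# reaches code must pass through the same find_class() lookup this one does.
GLOBAL_PICKLE = pickle.dumps(len)
DATA_JSON = json_dumps(MESSAGE)


def demo() -> dict:
    """Return each (loader, payload) verdict so the difference between loaders is visible."""
    return {
        "unsafe/data": load_outcome(unsafe_loads, DATA_PICKLE),
        "unsafe/global": load_outcome(unsafe_loads, GLOBAL_PICKLE),
        "restricted/data": load_outcome(restricted_loads, DATA_PICKLE),
        "restricted/global": load_outcome(restricted_loads, GLOBAL_PICKLE),
        "json/data": load_outcome(json_loads, DATA_JSON),
        "json/global": load_outcome(json_loads, GLOBAL_PICKLE),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20s} {verdict}")
```

The point the table of verdicts makes is that encryption does not change the trust level of the deserialized bytes: `unsafe_loads` resolves the global reference just as readily as it loads the dict, while both alternatives accept the data payload and refuse the one that names code. The restricted unpickler is the smaller change for a library that already emits pickles; switching the envelope body to JSON removes the `find_class()` surface entirely, at the cost of only carrying plain data types.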

WAF Protection Rules

WAF Rule

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py.

Reasoning

The vulnerability exists because the `cryptidy` library uses `pickle.loads()` to deserialize data that has been decrypted. This is a dangerous practice when the encrypted data can be controlled by an attacker, as it allows for arbitrary code execution.