CVE-2025-6279
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-06-19
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| upsonic | upsonic | to 0.55.6 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability allows an attacker to exploit unsafe deserialization, potentially leading to unauthorized code execution or other malicious actions. This can compromise the affected system's integrity, confidentiality, and availability.
Can you explain this vulnerability to me?
This vulnerability is a critical issue found in Upsonic up to version 0.55.6, specifically in the cloudpickle.loads function within the /tools/add_tool file of the Pickle Handler component. It involves manipulation that leads to unsafe deserialization, which can be exploited.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70