CVE-2025-61765
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-22
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| miguelgrinberg | python-socketio | 0.8.0 |
| miguelgrinberg | python-socketio | * |
| miguelgrinberg | python-socketio | 5.14.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-61765 is a remote code execution vulnerability in the python-socketio package versions prior to 5.14.0. It affects multi-server deployments where Socket.IO servers use a message queue backend like Redis for inter-server communication. These servers serialize messages using Python's insecure pickle module. If an attacker gains access to the message queue, they can send a maliciously crafted pickle payload that executes arbitrary Python code during deserialization, exploiting Python's __reduce__ method. This allows the attacker to run code with the privileges of the Socket.IO server process. Single-server setups without message queues or multi-server setups with secure message queues are not vulnerable. The vulnerability was fixed by replacing pickle serialization with safer JSON encoding in version 5.14.0. [1, 2]
How can this vulnerability impact me?
If exploited, this vulnerability allows an attacker who has previously compromised the message queue to execute arbitrary Python code on the Socket.IO server with the server's privileges. This can lead to full compromise of the server's confidentiality, integrity, and availability. The attacker could potentially manipulate data, disrupt services, or gain further access to the system. The severity is moderate with a CVSS score of 6.4. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your python-socketio deployment is using a message queue backend (such as Redis) for inter-server communication and if the python-socketio version is prior to 5.14.0. Additionally, detection involves verifying if the message queue has been compromised or accessed by unauthorized users. Since the vulnerability involves deserialization of pickle data from the message queue, monitoring or inspecting message queue traffic for suspicious or unexpected pickle payloads could help. Specific commands are not provided in the resources, but you can check the python-socketio version with `pip show python-socketio` and inspect your message queue access logs or use message queue client commands (e.g., `redis-cli MONITOR` for Redis) to detect unusual activity. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading python-socketio to version 5.14.0 or newer, which replaces the insecure pickle serialization with safer JSON serialization for inter-server messaging. Additionally, secure the message queue by following standard security practices such as restricting access to the message queue to trusted hosts only, enabling authentication and encryption on the message queue, and ensuring the message queue is not exposed to untrusted networks. These steps prevent attackers from gaining access to the message queue and sending malicious payloads. [1, 2]
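The detection and mitigation answers above describe two defender-side checks: spotting pickle payloads on the inter-server queue and making sure the server only ever decodes JSON. The following Python is an added example written for this page; it is not python-socketio's own code, and the message layout, the queue sample payloads and the function names are constructed assumptions rather than the project's actual wire format. It classifies raw queue payloads by their pickle protocol header, decodes messages with a JSON-only path that never calls `pickle.loads`, and compares an installed version string against the 5.14.0 fix threshold given on the page.

```python
import json
import pickle
from typing import List, Literal, Tuple

# Pickle protocols 2..5 start with the PROTO opcode (0x80) followed by the
# protocol number. Protocols 0 and 1 carry no such header, so a magic-byte
# check is only a monitoring aid; the decoder below accepts JSON and nothing else.
PICKLE_PROTO_OPCODE = 0x80
PICKLE_PROTOCOLS_WITH_HEADER = range(2, 6)

# First python-socketio release that uses JSON for inter-server messages (from the page).
FIXED_VERSION = (5, 14, 0)


def classify_payload(data: bytes) -> Literal["pickle", "json", "unknown"]:
    """Classify a raw message-queue payload for monitoring purposes."""
    if (len(data) >= 2 and data[0] == PICKLE_PROTO_OPCODE
            and data[1] in PICKLE_PROTOCOLS_WITH_HEADER):
        return "pickle"
    try:
        json.loads(data.decode("utf-8"))
        return "json"
    except (UnicodeDecodeError, ValueError):
        return "unknown"


def safe_decode(data: bytes) -> dict:
    """Decode an inter-server message, accepting JSON objects only.

    pickle.loads() is never reached, so a crafted pickle cannot run code here;
    anything that is not a JSON object is rejected with ValueError.
    """
    try:
        obj = json.loads(data.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError("rejected non-JSON message from queue") from exc
    if not isinstance(obj, dict):
        raise ValueError("rejected JSON message that is not an object")
    return obj


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '5.13.0' into (5, 13, 0); a non-numeric suffix ends parsing."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def is_vulnerable_version(version: str) -> bool:
    """True for any python-socketio release older than the 5.14.0 fix."""
    return parse_version(version) < FIXED_VERSION


def audit_queue_messages(messages: List[Tuple[str, bytes]]) -> List[Tuple[str, str]]:
    """Return (label, classification) for each sampled queue payload."""
    return [(name, classify_payload(data)) for name, data in messages]


# Constructed sample payloads (hypothetical layout, not captured from a real deployment).
SAMPLE_MESSAGES = [
    ("json-emit", json.dumps({"method": "emit", "event": "hello", "data": [1]}).encode()),
    ("pickle-dict", pickle.dumps({"method": "emit"})),               # harmless dict, protocol 4/5 header
    ("pickle-proto0", pickle.dumps({"method": "emit"}, protocol=0)),  # no 0x80 header at all
]

if __name__ == "__main__":
    for name, kind in audit_queue_messages(SAMPLE_MESSAGES):
        print(f"{name}: {kind}")
    for v in ("5.13.0", "5.14.0"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "fixed")
```

The protocol-0 sample shows why the header check is only a signal: it carries no `0x80` marker and is reported as `unknown`, yet `safe_decode` still refuses it because it is not valid JSON. The robust control is the JSON-only decoder combined with the upgrade, and the header classifier is useful for alerting on a queue that should contain nothing but JSON after that upgrade.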