Cyber Resilience

CVE-2025-61622

CriticalRCE

Published: 01 October 2025

Published
01 October 2025
Modified
03 December 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0038 59.7th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-61622 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Apache Fory. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-61622 is a deserialization of untrusted data vulnerability (CWE-502) in the Python libraries pyfory versions 0.12.0 through 0.12.2 and legacy pyfury versions 0.1.0 through 0.10.3. It enables arbitrary code execution when an application deserializes pyfory serialized data from untrusted sources. Specifically, an attacker can craft a malicious data stream that forces the use of a pickle-fallback serializer during deserialization, triggering the execution of the insecure `pickle.loads` function.

The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable over the network with low complexity, no privileges or user interaction required. Any remote attacker capable of supplying crafted serialized data to a vulnerable application can achieve arbitrary code execution on the target system, potentially leading to full compromise.

Advisories recommend upgrading to pyfory version 0.12.3 or later, which removes the pickle fallback serializer and resolves the issue. Additional details are available in the Apache mailing list announcement at https://lists.apache.org/thread/vfn9hp9qt06db5yo1gmj3l114o3o2csd and the oss-security mailing list at http://www.openwall.com/lists/oss-security/2025/09/29/3.

EU & UK References

Vulnerability details

Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker…

more

can craft a data stream that selects pickle-fallback serializer during deserialization, leading to the execution of `pickle.loads`, which is vulnerable to remote code execution. Users are recommended to upgrade to pyfory version 0.12.3 or later, which has removed pickle fallback serializer and thus fixes this issue.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability enables remote arbitrary code execution via crafted serialized data supplied over the network to vulnerable applications using pyfory/pyfury, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-40473Same vendor: Apache
CVE-2026-33454Same vendor: Apache
CVE-2026-42359Same vendor: Apache
CVE-2024-54676Same vendor: Apache
CVE-2026-40860Same vendor: Apache
CVE-2026-25747Same vendor: Apache
CVE-2026-41409Same vendor: Apache
CVE-2024-56180Same vendor: Apache
CVE-2026-42779Same vendor: Apache
CVE-2024-52577Same vendor: Apache

Affected Assets

apache
fory
0.1.0 — 0.10.3 · 0.12.0 — 0.12.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely patching of the vulnerable pyfory library to version 0.12.3 or later, removing the pickle fallback serializer to eliminate the deserialization RCE vulnerability.

prevent

Enforces validation of untrusted serialized data inputs prior to deserialization, preventing exploitation of crafted malicious streams that trigger pickle.loads.

detect

Provides for scanning to identify deployed vulnerable pyfory versions 0.12.0-0.12.2 or legacy pyfury, enabling detection and remediation before exploitation.

References