Lucene search

5 matches found

Veracode
added 2025/11/24 1:12 p.m., 5 views

Deserialization Of Untrusted Data

pyfory and pyfury are vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the ability to craft a malicious serialized data stream that triggers the pickle-fallback serializer, which allows an attacker to invoke pickle.loads and achieve remote code execution...

CVSS 9.8, AI score 7.7, EPSS 0.00457
Exploits 2, References 7, Affected Software 2
EUVD
added 2025/10/08 12:31 a.m., 3 views

EUVD-2025-31867

EUVD-2025-31867...

CVSS 4.8, AI score 4.2, EPSS 0.0003
Exploits 1, References 8
Snyk
added 2025/10/01 10:41 a.m., 2 views

Deserialization of Untrusted Data

Overview: pyfury is Apache Fury™ (incubating), a blazingly fast multi-language serialization framework powered by JIT and zero-copy. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the pickle module. An attacker can execute arbitrary code by crafting a da...

CVSS 9.8, AI score 7.8, EPSS 0.00457
Exploits 2, References 2
Cvelist
added 2025/10/01 9:55 a.m., 5 views

CVE-2025-61622 Apache Fory, Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory

Deserialization of untrusted data in Python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3, allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...

EPSS 0.00457
Exploits 2, References 1
CNNVD
added 2025/10/01 12:0 a.m., 1 views

Apache Fory Security Vulnerability

Apache Fory is a multi-language serialization framework based on JIT dynamic compilation and zero-copy technology, designed for distributed systems and high-performance computing scenarios. Apache Fory suffers from a deserialization vulnerability that stems from unsafe deserialization of...

CVSS 9.8, AI score 7.6, EPSS 0.00457
Exploits 2, References 1