5 matches found
Deserialization of Untrusted Data
Overview: cryptidy is a Python high level library for symmetric & asymmetric encryption. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the aes_decrypt_message function. An attacker can execute arbitrary code by supplying crafted data that is deserialized...
CVE-2025-63675
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py...
CVE-2025-63675
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py...
CVE-2025-63675
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py...
PT-2025-44585
Name of the Vulnerable Software and Affected Versions: cryptidy versions through 1.2.4. Description: The software allows code execution due to the use of pickle.loads with untrusted data. This issue occurs within the aes_decrypt_message function located in the symmetric_encryption.py file...