14 matches found
CVE-2025-63675
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...
cryptidy allows code execution via untrusted data due to pickle.loads
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...
builder-addon-pca (>=0.0.1 <=0.0.3), configparser-crypt (>=0.6.2 <=1.1.0) +5 more potentially affected by CVE-2025-63675 via cryptidy (=1.2.4)
cryptidy PYPI version =1.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on cryptidy and may be impacted: - builder-addon-pca =0.0.1, =0.6.2, =1.4.0, =0.2.0, =2.2.0rc6, =0.9.0, =0.0.4, =1.0.6 Source cves: CVE-2025-63675 Source advisory:...
GHSA-97W9-V595-3H5Q cryptidy allows code execution via untrusted data due to pickle.loads
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...
Deserialization of Untrusted Data
Overview cryptidy is a Python high level library for symmetric & asymmetric encryption Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the aesdecryptmessage function. An attacker can execute arbitrary code by supplying crafted data that is deserialized...
builder-addon-pca (>=0.0.1 <=0.0.3), configparser-crypt (>=0.6.2 <=1.1.0) +5 more potentially affected by CVE-2025-63675 via cryptidy (=1.2.4)
cryptidy PYPI version =1.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on cryptidy and may be impacted: - builder-addon-pca =0.0.1, =0.6.2, =1.4.0, =0.2.0, =2.2.0rc6, =0.9.0, =0.0.4, =1.0.6 Source cves: CVE-2025-63675 Source advisory:...
CVE-2025-63675
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...
CVE-2025-63675
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...
CVE-2025-63675
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...
CVE-2025-63675
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...
CVE-2025-63675
The vulnerability CVE-2025-63675 affects cryptidy up to version 1.2.4. The root cause is deserialization of untrusted data via pickle.loads in aes_decrypt_message within cryptidy/symmetric_encryption.py, enabling code execution. Multiple sources (Red Hat, OSV, GHSA, Snyk, CVE records) corroborate...
cryptidy 安全漏洞
cryptidy is an AES and RSA encryption and decryption software from the NetInvent Open Source Initiative open source. A security vulnerability exists in cryptidy 1.2.4 and earlier versions, which stems from the use of pickle.loads to process untrustworthy data in the aesdecryptmessage function in...
PT-2025-44585
Name of the Vulnerable Software and Affected Versions cryptidy versions through 1.2.4 Description The software allows code execution due to the use of pickle.loads with untrusted data. This issue occurs within the aes decrypt message function located in the symmetric encryption.py file...
cryptidy-analysis
PoC for cryptidy pickle deserialization RCE 🚨 CVE PoC — Unsaf...