CVE-2025-62703
CVE-2025-62703 affects Fugue up to version 0.9.2, where the RPC server’s FlaskRPCServer decodes data with cloudpickle.loads() without sanitization, enabling remote code execution through crafted pickle payloads. The issue lies in the _decode() function in fugue/rpc/flask.py, allowing deserializat...