
4 matches found

GithubExploit
added 2025/12/04 1:7 p.m., 152 views

Exploit for CVE-2025-55182

CVE-2025-55182 some notes template: py !/usr/bin/env py...

CVSS 10, AI score 6.8, EPSS 0.83197
Exploits: 363

Vulnrichment
added 2025/10/17 8:38 p.m., 2 views

CVE-2025-62515 Remote Code Execution by Pickle Deserialization via FlightServer in pyquokka

pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior, the FlightServer class directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation in the do_action method. The vulnerable code is locate...

CVSS 9.8, AI score 7.8, EPSS 0.00866
Exploits: 1, References: 1

OSV
added 2025/10/17 6:8 p.m., 2 views

GHSA-F74J-GFFQ-VM9P pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer

Description: In the FlightServer class of the pyquokka framework, the do_action method directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation, which results in a remote code execution vulnerability. The vulnerable code is located...

CVSS 9.8, AI score 8.9, EPSS 0.00866
Exploits: 1, References: 4

Github Security Blog
added 2025/10/17 6:8 p.m., 7 views

pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer

Description: In the FlightServer class of the pyquokka framework, the do_action method directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation, which results in a remote code execution vulnerability. The vulnerable code is located...

CVSS 9.8, AI score 8.9, EPSS 0.00866
Exploits: 1, References: 4, Affected Software: 1