CVE-2025-6279
Description
A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
EPSS Score
Exploitation Probability
0.06
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2025-6278,CVE-2025-6279 are fixed in Python-upsonic 0.56.0 | Windows |
| Vulnerabilities CVE-2025-6278,CVE-2025-6279 are fixed in Python-upsonic for linux 0.56.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234