CVE-2025-61765: Insecure Loop Iterable Unpickling
Deserializing untrusted data with `pickle.loads` inside a loop over an iterator or message queue can result in Remote Code Execution (RCE). Pickled payloads are inherently unsafe. Use a safer serialization format such as JSON (`json.loads`).
Provally Curated · Public repository · High · Medium confidence · Verified · Apache-2.0 · Python
greprules fetch cve-2025-61765-insecure-loop-iterable-unpickling --engine opengrep
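The check below is an added example, not the rule's own pattern or code from its authors: it approximates the pattern described above by flagging `pickle.loads` calls whose argument is a variable bound by an enclosing `for` loop. The sample source, function names and matching logic are assumptions made for illustration.

```python
import ast

# Constructed sample consumer code (illustrative only, never executed here).
SAMPLE = '''
import json, pickle

def consume_unsafe(queue):
    for message in queue:
        yield pickle.loads(message)

def consume_safe(queue):
    for message in queue:
        yield json.loads(message)

def load_constant():
    return pickle.loads(b"N.")
'''

def _is_pickle_loads(call):
    # Matches the literal form pickle.loads(...); aliased imports such as
    # "from pickle import loads" are out of scope for this example.
    f = call.func
    return (isinstance(f, ast.Attribute) and f.attr == "loads"
            and isinstance(f.value, ast.Name) and f.value.id == "pickle")

def find_loop_unpickling(source):
    """Return sorted (line, variable) pairs for pickle.loads calls whose
    argument uses a name bound by an enclosing for / async for loop."""
    findings = set()
    for loop in ast.walk(ast.parse(source)):
        if not isinstance(loop, (ast.For, ast.AsyncFor)):
            continue
        # Names bound by the loop target, including tuple unpacking.
        targets = {n.id for n in ast.walk(loop.target) if isinstance(n, ast.Name)}
        for stmt in loop.body:
            for call in ast.walk(stmt):
                if isinstance(call, ast.Call) and _is_pickle_loads(call):
                    used = {n.id for a in call.args for n in ast.walk(a)
                            if isinstance(n, ast.Name)}
                    findings.update((call.lineno, v) for v in used & targets)
    return sorted(findings)

if __name__ == "__main__":
    for line, name in find_loop_unpickling(SAMPLE):
        print(f"line {line}: pickle.loads on loop variable {name!r}")
```

The `json.loads` loop and the `pickle.loads` call on a constant outside any loop are not reported; only the call fed by the loop variable is.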