{"id":"PYSEC-2025-68","details":"A vulnerability classified as critical has been found in Upsonic up to 0.55.6. It affects the function cloudpickle.loads in the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization of untrusted data. The exploit has been disclosed to the public and may be used.","aliases":["CVE-2025-6279","GHSA-rpfv-46xj-5984"],"modified":"2026-06-10T17:02:48.341284313Z","published":"2025-06-19T21:15:27Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?ctiid.313283"},{"type":"ADVISORY","url":"https://vuldb.com/?id.313283"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.593099"},{"type":"EVIDENCE","url":"https://github.com/Upsonic/Upsonic/issues/353"},{"type":"REPORT","url":"https://github.com/Upsonic/Upsonic/issues/353"},{"type":"WEB","url":"https://vuldb.com/?ctiid.313283"},{"type":"WEB","url":"https://vuldb.com/?id.313283"},{"type":"WEB","url":"https://vuldb.com/?submit.593099"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-rpfv-46xj-5984"}],"affected":[{"package":{"name":"upsonic","ecosystem":"PyPI","purl":"pkg:pypi/upsonic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.56.0"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.11.0","0.11.1","0.11.10","0.11.11","0.11.2","0.11.3","0.11.4","0.11.5","0.11.6","0.11.7","0.11.8","0.11.9","0.12.0","0.12.1","0.12.2","0.12.3","0.12.4","0.12.5","0.13.0","0.13.1","0.13.2","0.13.3","0.14.0","0.14.1","0.14.2","0.14.3","0.15.0","0.16.0","0.16.1","0.17.0","0.17.1","0.18.0","0.19.0","0.19.1","0.19.2","0.19.3","0.19.4","0.20.0","0.20.1","0.20.2","0.20.3","0.21.0","0.22.0","0.23.0","0.23.1","0.23.2","0.23.3","0.23.4","0.24.0","0.24.1","0.24.2","0.25.0","0.26.0","0.27.0","0.28.0","0.28.1","0.28.2","0.28.3","0.28.4","0.30.0","0.30.2","0.30.7","0.32.0","0.33.1","0.34.0","0.34.1","0.34.2","0.34.3","0.35.0a1736970242","0.35.0a1736970720","0.35.0a1736971149","0.35.0a1736971897","0.35.0a1736972885","0.35.0a1736974243","0.35.0a1
736975119","0.35.0a1736976284","0.35.0a1736978167","0.35.0a1736979941","0.35.0a1736981630","0.35.0a1736982287","0.35.0a1736982640","0.35.0a1736983736","0.35.0a1736984772","0.35.0a1736986092","0.35.0a1737010781","0.35.0a1737010942","0.35.0a1737015222","0.35.0a1737016349","0.35.0a1737023679","0.35.0a1737033652","0.35.0a1737033931","0.35.0a1737034519","0.35.0a1737042503","0.35.0a1737042958","0.35.0a1737043600","0.35.0a1737044257","0.35.0a1737044843","0.35.0a1737045225","0.35.0a1737114840","0.35.0a1737114977","0.35.0a1737116875","0.35.0a1737117468","0.35.0a1737122839","0.35.0a1737195981","0.35.0a1737212799","0.35.0a1737217937","0.35.0a1737218956","0.35.0a1737227112","0.35.0a1737311492","0.35.0a1737315034","0.35.0a1737379903","0.36.0","0.36.0a1737396881","0.36.0a1737401408","0.36.0a1737407655","0.36.0a1737409215","0.36.0a1737410849","0.36.0a1737438831","0.36.0a1737457705","0.36.0a1737482268","0.36.0a1737482779","0.36.0a1737487622","0.36.0a1737496270","0.36.0a1737496729","0.36.0a1737498136","0.36.0a1737539419","0.36.0a1737542896","0.36.0a1737628376","0.37.0","0.38.0","0.38.0a1737809635","0.38.1","0.38.1a1738355936","0.39.0","0.39.0a1738407703","0.39.0a1738408485","0.39.0a1738409132","0.39.0a1738413952","0.39.0a1738417207","0.4.10","0.4.11","0.4.12","0.4.13","0.4.14","0.4.15","0.4.2","0.4.3","0.4.4","0.4.5","0.4.6","0.4.7","0.4.8","0.4.9","0.40.0","0.40.1","0.40.1a1738430067","0.40.1a1738431780","0.40.2","0.40.3","0.40.4","0.40.4a1738504324","0.40.5","0.40.5a1738608355","0.40.5a1738609512","0.40.5a1738609921","0.40.5a1738610310","0.40.5a1738610551","0.40.6","0.40.6a1738619561","0.40.7","0.40.7a1738837197","0.40.7a1738851334","0.40.7a1738858117","0.40.7a1738865999","0.40.7a1738874469","0.41.0","0.41.0a1738875992","0.41.0a1738913481","0.41.0a1738922922","0.41.0a1738942849","0.41.0a1738943864","0.41.0a1738947565","0.41.0a1738948334","0.41.0a1738949488","0.41.0a1738951496","0.41.0a1738961482","0.41.0a1739006911","0.41.1","0.42.0","0.42.0a1739015944","0.42.0a1739029428","0.42.0
a1739042238","0.42.0a1739042985","0.42.0a1739044180","0.42.0a1739044629","0.42.0a1739047263","0.42.0a1739048896","0.42.0a1739050234","0.42.0a1739093954","0.42.0a1739099062","0.43.0","0.43.0a1739106873","0.43.0a1739383942","0.43.0a1739389035","0.43.0a1739429679","0.44.0","0.44.0a1739451866","0.44.0a1739565955","0.44.1","0.44.1a1739799852","0.44.1a1739881595","0.44.1a1739897729","0.44.1a1739899475","0.44.1a1739904268","0.44.1a1739905596","0.44.1a1739908048","0.44.1a1739909460","0.44.1a1739912278","0.44.1a1739949863","0.44.1a1739953863","0.44.1a1739958116","0.44.1a1739969973","0.44.1a1739983135","0.44.2","0.44.2a1740050593","0.44.2a1740071168","0.44.2a1740084271","0.44.2a1740085443","0.44.2a1740085570","0.45.0","0.45.1","0.45.2","0.45.3","0.45.4","0.46.0","0.46.1","0.47.0","0.47.1","0.47.2","0.47.3","0.47.4","0.47.5","0.47.5a1741824272","0.47.5a1741825046","0.47.5a1741825731","0.47.5a1741826544","0.48.0","0.49.0","0.49.0a1742393199","0.49.0a1742655039","0.49.0a1742657799","0.49.0a1742658030","0.5.0","0.50.0","0.50.0a1742865563","0.50.0a1742876514","0.50.0a1742886287","0.50.0a1742907455","0.50.0a1742975161","0.50.1","0.50.2","0.50.3","0.50.4","0.50.4a1743070636","0.50.5","0.51.0","0.51.1","0.51.2","0.52.0","0.52.1","0.52.1a1744119894","0.52.2","0.52.3","0.52.3a1744217583","0.52.4","0.53.0","0.53.1","0.54.0","0.55.0","0.55.1","0.55.2","0.55.3","0.55.4","0.55.5","0.55.6","0.55.6a1748524485","0.55.6a1748537170","0.55.6a1748538406","0.55.6a1748538717","0.55.6a1748545381","0.55.6a1748787282","0.55.6a1748962305","0.55.6a1749087129","0.55.6a1749087663","0.55.6a1749164000","0.55.6a1749165639","0.55.6a1749248294","0.6.0","0.6.1","0.6.2","0.6.3","0.6.4","0.7.0","0.7.1","0.7.2","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.9.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/upsonic/PYSEC-2025-68.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}