Vulnerability Database

318,389

Total vulnerabilities in the database

CVE-2025-63675

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py.

Published: Oct 31, 2025
Updated: Jan 19, 2026
CVE: CVE-2025-63675
GHSA: GHSA-97w9-v595-3h5q
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
cryptidy	-	1.2.4.x
netinvent / cryptidy	-	1.2.4.x

https://github.com/javiermorales36/cryptidy-analysis
https://github.com/netinvent/cryptidy/blob/cebc9ffd54cc20679d15a1a43ca9a5da645b0c58/cryptidy/symmetric_encryption.py#L220-L238

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo