CNNVD-202506-2604 Information

CNNVD ID

CNNVD-202506-2604

Related CVE

CVE-2025-6279

• CNNVD Published: 2025-06-19

Description (Chinese)

Upsonic是Upsonic开源的一个AI代理框架。 Upsonic 0.55.6及之前版本存在代码问题漏洞，该漏洞源于组件Pickle Handler中文件/tools/add_tool函数cloudpickle.loads存在反序列化。

Description (English)

Upsonic is an AI proxy framework for UPsonic open source. Upsonic 0.55.6 and previous versions have code problem holes, which stem from the inverse sequence of the file/tools/add tool function cloudpeckle.loads in component Pickle Handler.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Upsonic

Published

2025-06-19

Last Modified

2026-02-24

References

https://vuldb.com/?submit.593099 https://vuldb.com/?ctiid.313283 https://github.com/Upsonic/Upsonic/issues/353 https://vuldb.com/?id.313283 https://access.redhat.com/security/cve/cve-2025-6279

Patch

https://github.com/Upsonic/Upsonic/releases