CNNVD-202510-4347 Information

CNNVD ID

CNNVD-202510-4347

CVE-2025-63675

  • CNNVD Published: 2025-10-31

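Description (translated from Chinese)

cryptidy is an open-source AES and RSA encryption and decryption software from NetInvent Open Source Initiative. cryptidy 1.2.4 and earlier versions contain a security vulnerability. The vulnerability stems from the aes_decrypt_message function in the symmetric_encryption.py file using pickle.loads to process untrusted data, which may lead to code execution.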

Description (English)

cryptidy is AES and RSA encryption and decryption software open-sourced by NetInvent Open Source Initiative. Versions 1.2.4 and earlier of cryptidy contain a security vulnerability: the aes_decrypt_message function in symmetric_encryption.py uses pickle.loads to process untrusted data, which may lead to code execution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

NetInvent Open Source Initiative

Published

2025-10-31

Last Modified

2026-02-24

References

  • https://github.com/javiermorales36/cryptidy-analysis
  • https://github.com/netinvent/cryptidy/blob/cebc9ffd54cc20679d15a1a43ca9a5da645b0c58/cryptidy/symmetric_encryption.py#L220-L238
  • https://access.redhat.com/security/cve/cve-2025-63675
