Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
Description
Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework implements an RPC server system for distributed computing operations. In the core functionality of the RPC server implementation, I found that the _decode() function in fugue/rpc/flask.py directly uses cloudpickle.loads() to deserialize data without any sanitization. This creates a remote code execution vulnerability when malicious pickle data is processed by the RPC server. The vulnerability exists in the RPC communication mechanism where the client can send arbitrary serialized Python objects that will be deserialized on the server side, allowing attackers to execute arbitrary code on the victim's machine. This issue has been patched via commit 6f25326.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Fugue 0.9.2 and prior contains a remote code execution vulnerability due to unsafe cloudpickle deserialization in the RPC server's _decode() function.
Overview
CVE-2025-62703 is a remote code execution vulnerability in the Fugue distributed computing framework, affecting versions 0.9.2 and prior. The root cause lies in the _decode() function within fugue/rpc/flask.py, which directly uses cloudpickle.loads() to deserialize incoming data without any sanitization [1][2]. This allows an attacker to send arbitrary serialized Python objects that are then executed on the server side.
Exploitation
An attacker can exploit this vulnerability by connecting to a running Fugue FlaskRPCServer that is bound to a network-facing address (e.g., 0.0.0.0). By sending a malicious pickle payload to the RPC endpoint, the attacker can achieve arbitrary code execution on the victim's machine. No authentication is required to interact with the RPC server, so network isolation is the only assumed protection [3].
Impact
Successful exploitation can lead to complete system compromise, data exfiltration, lateral movement within the network, denial of service, and installation of persistent backdoors [3].
Mitigation
The vulnerability was patched in commit 6f25326, which adds security warnings about the lack of authentication and advises proper network isolation [4]. Users are strongly urged to update to a patched version or apply the commit. Until then, ensure the RPC server is not exposed to untrusted networks.
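The root cause above (raw request bytes handed straight to cloudpickle.loads()) and the mitigation (no authentication, so the endpoint must never see untrusted input) can be shown together in a small defensive decode path. The code below is an added example, not Fugue's code and not the fix from commit 6f25326: it assumes a hypothetical RPC server that receives a body plus an HMAC tag, verifies the tag with a shared key before touching the body, and then unpickles with a `find_class` allowlist instead of cloudpickle. The key, module allowlist and sample bodies are constructed for the example.

```python
"""Defensive decode path for a pickle-based RPC endpoint (added example).

Assumptions (not from the Fugue code base): a hypothetical RPC server that
reads the POST body, checks an HMAC tag sent by the client, and only then
unpickles with an allowlist of globals. cloudpickle.loads() is deliberately
not used: cloudpickle ships functions by value, so no allowlist can make it
safe on untrusted input.
"""
import builtins
import collections
import datetime
import hashlib
import hmac
import importlib
import io
import pickle

# Globals the unpickler may resolve: plain data containers only (constructed allowlist).
ALLOWED_GLOBALS = {
    "builtins": {"dict", "list", "tuple", "set", "frozenset", "str",
                 "int", "float", "bool", "bytes", "bytearray"},
    "collections": {"OrderedDict"},
}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every GLOBAL/STACK_GLOBAL lookup outside ALLOWED_GLOBALS.

    Code-executing pickles work by naming a callable through a global
    reference; denying the lookup stops the chain before anything is called.
    """

    def find_class(self, module: str, name: str):
        if name in ALLOWED_GLOBALS.get(module, ()):
            if module == "builtins":
                return getattr(builtins, name)
            return getattr(importlib.import_module(module), name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def restricted_loads(data: bytes):
    """Replacement for an unrestricted loads() on bytes of unknown origin."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def sign_body(body: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag the client must send alongside the body."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_and_decode(body: bytes, tag: str, key: bytes):
    """Authenticate first, then decode: unauthenticated bodies never reach the unpickler."""
    if not hmac.compare_digest(sign_body(body, key), tag):
        raise PermissionError("request tag does not match shared key")
    return restricted_loads(body)


def is_rejected(data: bytes) -> bool:
    """True when the allowlist blocks the pickle."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def tag_accepted(body: bytes, tag: str, key: bytes) -> bool:
    """True when the HMAC check passes for this body/tag pair."""
    try:
        verify_and_decode(body, tag, key)
    except PermissionError:
        return False
    return True


# Constructed sample inputs: a benign RPC call, a pickle whose class lives in
# the allowlist, and one that references a global outside it (datetime.datetime
# is harmless, but the class lookup is exactly what a malicious pickle needs).
DEMO_KEY = b"constructed-demo-key-not-for-production"
GOOD_BODY = pickle.dumps({"method": "add", "args": [1, 2]})
GOOD_TAG = sign_body(GOOD_BODY, DEMO_KEY)
ORDERED_BODY = pickle.dumps(collections.OrderedDict([("k", 1)]))
UNLISTED_BODY = pickle.dumps(datetime.datetime(2025, 1, 1))


if __name__ == "__main__":
    print("decoded:", verify_and_decode(GOOD_BODY, GOOD_TAG, DEMO_KEY))
    print("unlisted global rejected:", is_rejected(UNLISTED_BODY))
    print("bad tag accepted:", tag_accepted(GOOD_BODY, "0" * 64, DEMO_KEY))
```

Two design points carry over to any pickle-based RPC: the authentication check runs before deserialization, so a body from a client without the key is discarded without being parsed at all, and the allowlist is a second layer for keyed clients, not a substitute for the first. Because cloudpickle serializes function bodies rather than references, the allowlist approach only applies to standard pickle; an endpoint that must accept cloudpickle has no safe decode and should instead accept only authenticated, network-isolated clients, as the advisory's mitigation states.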
- [1] GitHub - fugue-project/fugue: A unified interface for distributed computing. Fugue executes SQL, Python, Pandas, and Polars code on Spark, Dask and Ray without any rewrites.
- [2] NVD - CVE-2025-62703
- [3] Remote Code Execution by Pickle Deserialization via FlaskRPCServer in fugue-project/fugue
- [4] Adding security warnings to Flask RPCServer (#564) · fugue-project/fugue@6f25326
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| fugue (PyPI) | <= 0.9.2 | — |
Affected products
- Range: <= 0.9.2
Patches
6f25326779fd Adding security warnings to Flask RPCServer (#564)
1 file changed · +9 −0
fugue/rpc/flask.py+9 −0 modified@@ -60,6 +60,7 @@ def __init__(self, conf: Any): -1.0 if timeout is None else to_timedelta(timeout).total_seconds() ) self._server: Optional[FlaskRPCServer._Thread] = None + self._log = logging.getLogger() def make_client(self, handler: Any) -> RPCClient: """Add ``handler`` and correspondent :class:`~.FlaskRPCClient` @@ -77,6 +78,14 @@ def make_client(self, handler: Any) -> RPCClient: def start_server(self) -> None: """Start Flask RPC server""" + msg = ( + "Starting RPC server on %s:%s. " + "This server has no authentication and relies on network isolation. " + "Ensure proper VPC/firewall configuration in production. " + "See https://fugue-tutorials.readthedocs.io/tutorials/resources/" + "security.html" + ) + self._log.warning(msg, self._host, self._port) app = Flask("FlaskRPCServer") app.route("/invoke", methods=["POST"])(self._invoke) self._server = FlaskRPCServer._Thread(app, self._host, self._port)
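Review bot: in the first hunk, `logging.getLogger()` with no argument returns the root logger, so the new warning is not attributable to this module and cannot be routed or filtered separately by operators; prefer `self._log = logging.getLogger(__name__)`. The hunk also shows no `import logging` in its context lines, so confirm the import already exists at the top of fugue/rpc/flask.py, otherwise `__init__` raises NameError.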
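Review bot: the second hunk only logs a warning; the `/invoke` route registered two lines below it still hands request bodies to the same deserialization path the advisory describes, so the remote code execution is not removed by this change and the patched-versions column of the advisory is correctly empty. A startup log line is easy to miss in production, so consider making the unsafe case explicit in code rather than only in text: refuse to bind when `self._host` is a non-loopback address (0.0.0.0 being the case the message warns about) unless the caller passes an explicit opt-in, and say in the docstring of `start_server` that the endpoint is unauthenticated. The message should also state that request bodies are deserialized as pickles, since that is the property that makes network exposure fatal rather than merely risky.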
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-xv5p-fjw5-vrj6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-62703 (ghsa, ADVISORY)
- drive.google.com/file/d/1y8bBBp7dnWoT_WHBtdB0Fts4NRUIfdWi/view (ghsa, WEB)
- github.com/fugue-project/fugue/commit/6f25326779fd1f528198098d6287c5a863176fc0 (ghsa, x_refsource_MISC, WEB)
- github.com/fugue-project/fugue/security/advisories/GHSA-xv5p-fjw5-vrj6 (ghsa, x_refsource_CONFIRM, WEB)