CVE-2025-63675
Description
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
cryptidy <=1.2.4 uses pickle.loads in aes_decrypt_message, enabling remote code execution via crafted encrypted data.
Vulnerability Overview
The cryptidy Python library (versions up to and including 1.2.4) contains a critical deserialization vulnerability in its symmetric encryption module. The function aes_decrypt_message in symmetric_encryption.py calls pickle.loads on decrypted data without any validation or sanitization [1][3]. This constitutes CWE-502: Deserialization of Untrusted Data, as the library implicitly trusts the decrypted payload to be a safe Python object.
Attack Vector
An attacker can exploit this flaw by providing a maliciously crafted encrypted message to any application that uses cryptidy to decrypt data. When the victim application decrypts the message and passes the result to pickle.loads, arbitrary Python code embedded in the pickle payload is executed [1]. No authentication or special network position is required if the attacker can supply the encrypted data directly (e.g., via an API endpoint or file upload). The proof-of-concept repository demonstrates a payload that opens a calculator, but real-world payloads could execute arbitrary commands [1].
Impact
Successful exploitation leads to remote code execution (RCE) with the privileges of the process running cryptidy. This can result in full system compromise, data exfiltration, denial of service, or privilege escalation [1]. The library is designed for easy encryption of Python objects, making it attractive for applications that need to serialize and encrypt data; however, deserializing with pickle undermines the protection the encryption layer appears to provide, since whoever can supply the ciphertext decides what the decrypted pickle stream executes.
Mitigation
As of the latest release (1.2.4), no patch has been published to address this vulnerability [4]. Users are advised to avoid using cryptidy to decrypt data from untrusted sources. If possible, switch to a serialization format that does not execute code (e.g., JSON or msgpack) and ensure that any decrypted data is validated before use. The maintainer has not yet responded with a fix, so applications relying on cryptidy should consider it unsafe for handling attacker-controlled input.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
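The mitigation above amounts to replacing the pickle.loads step with a data-only format and validating whatever comes out. The following is an added example, not cryptidy's code: it places the CWE-502 pattern beside a hardened deserializer that operates on already-decrypted plaintext (the AES step is assumed to have happened elsewhere), refuses pickle streams outright, parses JSON, and enforces a constructed field schema (`user`, `ttl`) that is an assumption for this example.

```python
import json
import pickle

# Constructed schema for this example: the only object shape the consuming
# application expects to find inside a decrypted message.
EXPECTED_FIELDS = {"user": str, "ttl": int}


def unsafe_deserialize(plaintext: bytes):
    """The CWE-502 pattern: pickle executes what the stream encodes while
    loading, so the caller never gets a chance to inspect it first.
    Kept here for contrast only; never call it on attacker-reachable input."""
    return pickle.loads(plaintext)


def safe_deserialize(plaintext: bytes) -> dict:
    """Hardened replacement: JSON carries data, not code, and the result is
    checked against EXPECTED_FIELDS before it reaches the caller."""
    # Pickle protocol 2+ streams start with the PROTO opcode 0x80; refuse them
    # explicitly so the failure is attributable, then rely on strict JSON parsing.
    if plaintext[:1] == b"\x80":
        raise ValueError("refusing pickle stream in decrypted payload")
    try:
        obj = json.loads(plaintext.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("decrypted payload is not valid JSON") from exc
    if not isinstance(obj, dict):
        raise ValueError("payload must be a JSON object")
    if set(obj) != set(EXPECTED_FIELDS):
        raise ValueError(f"unexpected field set: {sorted(obj)}")
    for name, typ in EXPECTED_FIELDS.items():
        # type() rather than isinstance(): bool subclasses int in Python,
        # and `true` must not be accepted where a ttl is expected.
        if type(obj[name]) is not typ:
            raise ValueError(f"field {name!r} must be {typ.__name__}")
    if obj["ttl"] <= 0:
        raise ValueError("ttl must be positive")
    return obj


def serialize(message: dict) -> bytes:
    """Producer side: emit compact JSON so the consumer never needs pickle."""
    return json.dumps(message, separators=(",", ":")).encode("utf-8")
```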
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| cryptidy (PyPI) | <= 1.2.4 | — |
Affected products: 2
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 3
News mentions: 0
No linked articles in our index yet.