VDB
CVE-2025-61765
CVE-2025-61765
PUBLISHED
CVSS 6.400000095367432 MEDIUM
python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments
EPSS 0.84% · 75.0th percentile
Risk Scores
CVSS v3.1
6.400000095367432
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
EPSS Score
0.84%
75.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| miguelgrinberg | python-socketio | >= 0.8.0, < 5.14.0 |
| PyPI | python-socketio | 0.8.0 |
Timeline
- Jan 21, 1970 Security Advisory
- Oct 6, 2025 CVE Published
- Oct 7, 2025 EPSS Score
- Oct 13, 2025 EPSS Score
- Oct 20, 2025 EPSS Score
- Oct 22, 2025 CVE Updated
- Oct 26, 2025 EPSS Score
- Oct 27, 2025 PoC Published
- Nov 1, 2025 EPSS Score
- Nov 8, 2025 EPSS Score
- Nov 11, 2025 PoC Published
- Nov 14, 2025 EPSS Score
References
- https://github.com/miguelgrinberg/python-socketio/security/advisories/GHSA-g8c6-8fjj-2r4m url
- https://github.com/miguelgrinberg/python-socketio/commit/53f6be094257ed81476b0e212c8cddd6d06ca39a url
- https://www.bluerock.io/post/cve-2025-61765-bluerock-discovers-critical-rce-in-socket-io-ecosystem url
- https://nvd.nist.gov/vuln/detail/CVE-2025-61765 advisory
- https://github.com/miguelgrinberg/python-socketio package