CVE-2025-14606 | tiny-rdm Tiny RDM up to 1.2.5 Pickle Decoding pickle_convert.go pickle.loads deserialization

Inserito da Angelo Barbosa | Dic 12, 2025 | CVE

A vulnerability, which was classified as critical, has been found in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle_convert.go of the component Pickle Decoding. The manipulation leads to deserialization.

This vulnerability is documented as CVE-2025-14606. The attack can be initiated remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-14606 | tiny-rdm Tiny RDM up to 1.2.5 Pickle Decoding pickle_convert.go pickle.loads deserialization

Post correlati

CVE-2024-22186 | Electrolink Compact DAB Transmitter cookie validation (icsa-24-107-02)

CVE-2025-25149 | Danillo Nunes Login-box Plugin up to 2.0.4 on WordPress cross-site request forgery

CVE-2024-39522 | Juniper Networks Junos OS Evolved prior 22.3R2-EVO/22.4R1-S1-EVO/22.4R2-EVO CLI os command injection (JSA82975)

CVE-2024-32341 | WonderCMS 3.4.3 Home Page cross site scripting