CVE-2025-14606 | tiny-rdm Tiny RDM up to 1.2.5 Pickle Decoding pickle_convert.go pickle.loads deserialization

Inserito da Angelo Barbosa | Dic 12, 2025 | CVE

A vulnerability, which was classified as critical, has been found in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle_convert.go of the component Pickle Decoding. The manipulation leads to deserialization.

This vulnerability is documented as CVE-2025-14606. The attack can be initiated remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-14606 | tiny-rdm Tiny RDM up to 1.2.5 Pickle Decoding pickle_convert.go pickle.loads deserialization

Post correlati

CVE-2024-11691 | Mozilla Thunderbird on macOS Apple GPU Driver memory corruption

CVE-2024-2237 | Premium Addons Pro Plugin up to 2.9.12 on WordPress Global Badge Module cross site scripting

CVE-2024-0888 | BORGChat 1.0.0 Build 438 Service Port 7551 denial of service

CVE-2024-37275 | NextScripts Plugin up to 4.4.6 on WordPress cross site scripting