Share
## https://sploitus.com/exploit?id=CBB2A9FF-7639-51E3-BDAE-0060530DA312
PoC exploit for CVE-2025-61622, a Remote Code Execution (RCE) vulnerability in Apache Pyfory (versions 0.12.0-0.12.2 and legacy PyFury 0.1.0-0.10.3) due to insecure pickle fallback deserialization. The target product/service is Apache Pyfory, a Python-based framework for building web applications. The vulnerability class/vector is RCE, achieved through insecure pickle fallback deserialization. Notable dependencies/tooling include the `pickle` module, which is used for deserialization. The probable entry point is the `exploit.py` script, which is not specified how it is typically invoked. Preconditions for the exploit include a vulnerable version of Apache Pyfory (0.12.0-0.12.2 or legacy 0.1.0-0.10.3). The expected impact is Remote Code Execution, allowing an attacker to execute arbitrary code on the vulnerable system.