
We found results for “”
CVE-2025-61677
Good to know:


Date: October 2, 2025
The DataChain library reads serialized objects from environment variables (such as "DATACHAIN__METASTORE" and "DATACHAIN__WAREHOUSE") in the "loader.py" module. An attacker with the ability to set these environment variables can trigger code execution when the application loads.
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Deserialization of Untrusted Data
CWE-502Top Fix

CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |