Is upsonic affected by CVE-2025-6279?

PyPI upsonic is affected in <0.56.0.

Is CVE-2025-6279 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.5%.

low

CVE-2025-6279

Q: Is CVE-2025-6279 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.5%.

PyPI · upsonic

Summary

Upsonic has vulnerability in Pickle Handler component that can lead to deserialization

Severity: low
EPSS: 0.5% (p37)
Also known as: GHSA-rpfv-46xj-5984, PYSEC-2025-68
Published: 2025-06-19

References

https://nvd.nist.gov/vuln/detail/CVE-2025-6279
https://github.com/Upsonic/Upsonic/issues/353
https://github.com/Upsonic/Upsonic/pull/360

Related advisories

CVE-2026-30625 — critical · PyPI/upsonic
CVE-2025-6278 — critical · PyPI/upsonic

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.