Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for Tiny RDM by tiny-rdm

    CVE-2025-14606 (GCVE-0-2025-14606)

    Vulnerability from nvd – Published: 2025-12-13 12:32 – Updated: 2025-12-15 16:31
    VLAI
    Title
    tiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserialization
    Summary
    A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle_convert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.336282 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.336282 signaturepermissions-required
    https://vuldb.com/?submit.704138 third-party-advisory
    https://github.com/tiny-craft/tiny-rdm/issues/512 exploitissue-tracking
    Impacted products
    Vendor Product Version
    tiny-rdm Tiny RDM Affected: 1.2.0
    Affected: 1.2.1
    Affected: 1.2.2
    Affected: 1.2.3
    Affected: 1.2.4
    Affected: 1.2.5
    Create a notification for this product.
    Credits
    zznQ (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14606",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T16:31:21.209664Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T16:31:29.111Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Pickle Decoding"
              ],
              "product": "Tiny RDM",
              "vendor": "tiny-rdm",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.3"
                },
                {
                  "status": "affected",
                  "version": "1.2.4"
                },
                {
                  "status": "affected",
                  "version": "1.2.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "zznQ (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle_convert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.6,
                "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-13T12:32:06.262Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-336282 | tiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.336282"
            },
            {
              "name": "VDB-336282 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.336282"
            },
            {
              "name": "Submit #704138 | tiny-rdm Tiny RDM 1.2.5 Insecure Deserialization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.704138"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/tiny-craft/tiny-rdm/issues/512"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-12T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-12T20:52:41.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "tiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-14606",
        "datePublished": "2025-12-13T12:32:06.262Z",
        "dateReserved": "2025-12-12T19:20:57.175Z",
        "dateUpdated": "2025-12-15T16:31:29.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14606 (GCVE-0-2025-14606)

    Vulnerability from cvelistv5 – Published: 2025-12-13 12:32 – Updated: 2025-12-15 16:31
    VLAI
    Title
    tiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserialization
    Summary
    A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle_convert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.336282 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.336282 signaturepermissions-required
    https://vuldb.com/?submit.704138 third-party-advisory
    https://github.com/tiny-craft/tiny-rdm/issues/512 exploitissue-tracking
    Impacted products
    Vendor Product Version
    tiny-rdm Tiny RDM Affected: 1.2.0
    Affected: 1.2.1
    Affected: 1.2.2
    Affected: 1.2.3
    Affected: 1.2.4
    Affected: 1.2.5
    Create a notification for this product.
    Credits
    zznQ (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14606",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T16:31:21.209664Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T16:31:29.111Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Pickle Decoding"
              ],
              "product": "Tiny RDM",
              "vendor": "tiny-rdm",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "status": "affected",
                  "version": "1.2.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.2"
                },
                {
                  "status": "affected",
                  "version": "1.2.3"
                },
                {
                  "status": "affected",
                  "version": "1.2.4"
                },
                {
                  "status": "affected",
                  "version": "1.2.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "zznQ (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle_convert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.6,
                "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-13T12:32:06.262Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-336282 | tiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.336282"
            },
            {
              "name": "VDB-336282 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.336282"
            },
            {
              "name": "Submit #704138 | tiny-rdm Tiny RDM 1.2.5 Insecure Deserialization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.704138"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/tiny-craft/tiny-rdm/issues/512"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-12T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-12T20:52:41.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "tiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-14606",
        "datePublished": "2025-12-13T12:32:06.262Z",
        "dateReserved": "2025-12-12T19:20:57.175Z",
        "dateUpdated": "2025-12-15T16:31:29.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }