CVE-2025-10974
Description
A vulnerability has been found in giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1. This affects the function pickle.loads of the file /calculate of the component Endpoint. Such manipulation of the argument body_parts/point_cloud leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
References
- https://github.com/giantspatula/SewKinect/issues/3
- https://github.com/giantspatula/SewKinect/issues/3#issue-3408883003
- https://vuldb.com/?ctiid.325845
- https://vuldb.com/?id.325845
- https://vuldb.com/?submit.653270
- https://github.com/giantspatula/SewKinect/issues/3
- https://github.com/giantspatula/SewKinect/issues/3#issue-3408883003
CWEs
CWE-20 CWE-502
Verify integrity in audit chain (admin only). AS-IS.