CVE-2025-10974 MEDIUM

CVE-2025-10974: giantspatula SewKinect Endpoint calculate pickle.loads deserialization

Vendor Giantspatula
Product SewKinect
Weakness CWE-502 · Unsafe deserialization
Published September 25, 2025
Last update September 26, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability has been found in giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1. This affects the function pickle.loads of the file /calculate of the component Endpoint. Such manipulation of the argument body_parts/point_cloud leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

Key dates

02Disclosure timeline

September 25, 2025 CVE published
September 26, 2025 Record updated