CVE-2025-14606 LOW

CVE-2025-14606: tiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserialization

Vendor Tiny-Rdm
Product Tiny RDM
Weakness CWE-502 · Unsafe deserialization
Published December 13, 2025
Last update December 15, 2025

CVSS base score

2.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. It affects the function pickle.loads in the file pickle_convert.go of the Pickle Decoding component. The manipulation leads to unsafe deserialization (CWE-502). The attack can be initiated remotely, but it requires a high degree of complexity, and exploitation appears to be difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Key dates

02 Disclosure timeline

December 13, 2025 CVE published
December 15, 2025 Record updated