Multiple security vulnerabilities have been disclosed in Apache Fory (specifically within its Python implementation, PyFory), a highly popular and blazingly fast cross-language serialization framework.
The Apache Software Foundation has released detailed advisories regarding three significant flaws: CVE-2026-48207, CVE-2025-61622, and CVE-2025-59328.
Ranging from Moderate to Critical in severity, these vulnerabilities expose applications that deserialize untrusted data to severe risks, including Remote Code Execution (RCE), Denial of Service (DoS), and the bypassing of core security policies.
Organizations relying on PyFory or the legacy PyFury libraries for high-performance data exchange must take immediate action to audit their dependency trees and deploy the patched versions to secure their infrastructure.
Apache Fory is renowned for solving the fundamental serialization dilemma by offering an ultra-fast, multi-language serialization framework. Powered by just-in-time (JIT) compilation and zero-copy techniques, Fory provides up to a 170x speedup compared to standard serialization libraries.
It natively supports a wide array of languages, including Java, Python, C++, Go, JavaScript, and Rust. The Python module, pyfory, is specifically designed to handle complex object graphs, shared references, and cross-language analytics workloads using Apache Arrow.
While these features make PyFory an excellent choice for modern distributed systems, microservices, and big data processing, the complexity of restoring dynamic object graphs inherently introduces severe security challenges, particularly when handling data originating from untrusted sources.
Apache Fory Vulnerability
In the realm of Python, deserialization is notoriously fraught with security landmines. Unlike statically typed languages where object structures are rigidly enforced, Python’s dynamic nature allows serializers to execute code during the object reconstruction phase.
When an application accepts serialized streams from the network, message queues, or user uploads without strict validation, it implicitly trusts the payload’s instructions.
If the serialization engine falls back to legacy modules or fails to enforce namespace restrictions, attackers can craft binary streams that trick the interpreter into executing arbitrary system commands, exhausting CPU cycles, or bypassing application-level security sandboxes.
The most critical of the disclosed flaws is CVE-2025-61622, carrying a Critical severity rating. This vulnerability impacts pyfory versions 0.5.0 through 0.12.2, as well as the legacy pyfury releases from 0.1.0 through 0.10.3.
The root cause lies in how the framework processes arbitrary data streams that request fallback serialization methods. Specifically, an attacker can craft a Fory data stream that deliberately selects the built-in Python pickle fallback serializer during the deserialization phase.
Because the pickle module is fundamentally insecure against untrusted data, executing pickle.loads on an attacker-controlled payload allows for immediate Remote Code Execution (RCE).
By leveraging the `__reduce__` method within a malicious pickle stream, threat actors can execute arbitrary shell commands with the privileges of the running Python process.
This flaw is catastrophic for any public-facing application or internal microservice that ingests PyFory data from unauthenticated or untrusted origins. The Apache Software Foundation completely removed the pickle fallback serializer in pyfory version 0.12.3 to eliminate this attack surface.
Rated as Important, CVE-2026-48207 affects pyfory versions 0.13.0 through 0.17.0. PyFory provides a security mechanism known as the DeserializationPolicy, which allows developers to define validation hooks that restrict unsafe classes, functions, or module attributes during deserialization.
However, researchers discovered that the ReduceSerializer could bypass these documented validation hooks during reduce-state restoration and global-name resolution.
This bypass occurs specifically when applications operate in PyFory’s Python-native mode with strict mode disabled (strict=False). Under these conditions, an attacker can construct a payload that sneaks past the custom DeserializationPolicy, allowing them to instantiate forbidden classes or trigger restricted functions.
While slightly less severe than a direct RCE because it depends on the application’s specific environment and available gadgets, it completely undermines the framework’s intended security perimeter. Upgrading to pyfory version 1.0.0 or later resolves this issue by consistently enforcing the policy validation across all ReduceSerializer paths.
The third vulnerability, CVE-2025-59328, is a Moderate severity Denial of Service (DoS) flaw affecting pyfory versions 0.5.0 through 0.12.1. Insecure deserialization isn’t only about code execution; it can also be weaponized to consume system resources.
By supplying an enormously large, specially crafted, and deeply nested data payload, an attacker can force the PyFory deserialization engine into an infinite loop or cause exponential computational complexity.
When the application attempts to parse this malicious graph, it triggers excessive CPU consumption, leading to complete resource exhaustion. Consequently, the host system or microservice becomes entirely unresponsive, denying access to legitimate users and potentially causing cascading failures across distributed architectures.
This issue is mitigated by upgrading to version 0.12.2 or later, which introduces stricter limits and optimized handling for complex nested structures.
The exploitation of these vulnerabilities can have devastating consequences for enterprise environments. The RCE flaw provides a direct gateway for ransomware deployment, data exfiltration, and lateral movement within corporate networks.
The DoS vulnerability threatens business continuity, potentially taking down critical data pipelines or analytics engines during peak operations. Furthermore, the policy bypass introduces subtle logic flaws that could be exploited for privilege escalation or unauthorized data access over extended periods.
Because PyFory is often embedded deep within data pipelines, machine learning architectures, and asynchronous task queues, identifying vulnerable instances requires comprehensive software composition analysis.
Mitigation
The Apache Security Team mandates standard procedures for addressing these vulnerabilities. Organizations must immediately audit their environments to identify all instances of pyfory and the legacy pyfury packages. To fully secure systems, development teams should upgrade their dependencies as follows:
- To remediate the RCE (CVE-2025-61622), update to pyfory 0.12.3 or higher.
- To resolve the DoS (CVE-2025-59328), update to pyfory 0.12.2 or higher.
- To fix the DeserializationPolicy bypass (CVE-2026-48207), update to pyfory 1.0.0 or higher.
As a general best practice, upgrading to the latest stable release (1.0.0 or newer) will comprehensively patch all three vulnerabilities. Additionally, developers should strictly avoid deserializing untrusted data without enabling strict mode and enforcing robust cryptographic signatures to verify the integrity and origin of the serialized payloads prior to processing.
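To make the audit and signature steps concrete, here is an added example (not code from the Apache Fory project) that flags pinned pyfory/pyfury versions falling inside the affected ranges listed above and provides an HMAC-SHA256 gate to run before any bytes reach a deserializer; the `pip freeze` output it scans is constructed.

```python
import hashlib
import hmac
import itertools

# Affected ranges (inclusive) as given in the advisories summarised above.
AFFECTED = {
    "pyfory": [
        ("CVE-2025-61622", (0, 5, 0), (0, 12, 2)),   # pickle fallback RCE
        ("CVE-2025-59328", (0, 5, 0), (0, 12, 1)),   # nested-payload DoS
        ("CVE-2026-48207", (0, 13, 0), (0, 17, 0)),  # DeserializationPolicy bypass
    ],
    "pyfury": [("CVE-2025-61622", (0, 1, 0), (0, 10, 3))],
}

def parse_version(text):
    """'0.12.2' -> (0, 12, 2); pre-release suffixes such as 'rc1' are dropped."""
    parts = []
    for piece in text.split(".")[:3]:
        digits = "".join(itertools.takewhile(str.isdigit, piece))
        parts.append(int(digits) if digits else 0)
    return tuple(parts + [0] * (3 - len(parts)))

def vulnerable_cves(package, version):
    """CVE ids whose affected range covers this pinned version."""
    ver = parse_version(version)
    return [cve for cve, lo, hi in AFFECTED.get(package.lower(), []) if lo <= ver <= hi]

def audit_freeze(freeze_text):
    """Scan `pip freeze` output; returns {package: [cve, ...]} for affected pins."""
    findings = {}
    for line in freeze_text.splitlines():
        name, sep, version = line.strip().partition("==")
        if not sep or name.startswith("#"):
            continue
        cves = vulnerable_cves(name, version)
        if cves:
            findings[name.lower()] = cves
    return findings

def sign_payload(key, payload):
    """HMAC-SHA256 tag to ship alongside a Fory stream from a trusted producer."""
    return hmac.new(key, payload, hashlib.sha256).digest()

def verify_payload(key, payload, tag):
    """Constant-time check; run this before any deserializer touches `payload`."""
    return hmac.compare_digest(sign_payload(key, payload), tag)

# Constructed sample `pip freeze` output (not from a real environment).
SAMPLE_FREEZE = "numpy==1.26.4\npyfory==0.12.2\npyfury==0.10.3\nrequests==2.32.3\n"
```

Running `audit_freeze` over a real `pip freeze` dump lists each affected package with the CVEs its pinned version is exposed to, so the upgrade targets above can be mapped directly.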
As data serialization frameworks continue to push the boundaries of performance and cross-language compatibility, the inherent risks of dynamic code execution and complex graph parsing remain ever-present.
The recent discoveries in Apache Fory underscore the absolute necessity of secure coding practices, rigorous dependency management, and defense-in-depth strategies. By staying vigilant and applying security patches proactively, organizations can leverage the incredible speed of PyFory without compromising their security posture.
FAQ
Q1: What is CVE-2025-61622?
It is a Critical RCE vulnerability in pyfory (versions 0.5.0–0.12.2) caused by an unguarded pickle fallback serializer that allows attackers to execute arbitrary code.
Q2: How do I fix the DeserializationPolicy bypass in PyFory?
You must upgrade to pyfory version 1.0.0 or later to ensure the ReduceSerializer properly enforces your security validation hooks.
Q3: Can the Apache Fory DoS vulnerability crash my entire server?
Yes, CVE-2025-59328 allows attackers to send maliciously crafted datasets that exhaust CPU resources, rendering the system unresponsive.
Q4: Should I be concerned if I use the legacy pyfury package?
Yes, legacy pyfury versions (0.1.0–0.10.3) are highly vulnerable to the Critical RCE flaw and should be replaced with updated pyfory releases immediately.
Site: thecybrdef.com