top of page
perceptive_background_267k.jpg

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerabilit…

Published:

22 April 2026 at 22:00:00

Alert date:

23 April 2026 at 17:04:31

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Supply Chain & Dependencies

CVE-2025-62373 affects Pipecat versions 0.0.41 through 0.0.93, an open-source Python framework for building real-time voice and multimodal conversational agents. The vulnerability exists in the LivekitFrameSerializer class which uses unsafe pickle.loads() deserialization on WebSocket data without validation. Attackers can send malicious pickle payloads to achieve remote code execution on servers using this component. The vulnerable code is in src/pipecat/serializers/livekit.py around line 73. Version 0.0.94 contains a fix. The affected component is optional, non-default, and now deprecated.

Technical details

Mitigation steps:

Affected products:

Pipecat

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-62373
https://github.com/pipecat-ai/pipecat/security/advisories/GHSA-c2jg-5cp7-6wc7

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page