Critical RCE in Pipecat Python Framework: CVE-2025-62373
The National Vulnerability Database (NVD) has detailed CVE-2025-62373, a critical remote code execution (RCE) vulnerability in Pipecat, an open-source Python framework for real-time conversational agents. Affecting versions 0.0.41 through 0.0.93, the flaw resides within the LivekitFrameSerializer class. This optional, non-default component, now deprecated, improperly uses Python’s pickle.loads() function on unvalidated data received from WebSocket clients.
A malicious WebSocket client can exploit this by sending a crafted pickle payload, leading to arbitrary code execution on the Pipecat server. This is a classic deserialization vulnerability (CWE-502). The NVD highlights that if a Pipecat server is configured with this specific serializer and exposed externally, an attacker can achieve RCE; the flaw carries a CVSS score of 9.8 (Critical). The vulnerable code, located in src/pipecat/serializers/livekit.py, directly passes untrusted WebSocket message data to pickle.loads().
Pipecat has addressed this in version 0.0.94. Defenders must prioritize upgrading to the latest version and migrating away from the LivekitFrameSerializer to safer alternatives like LiveKitTransport. The NVD emphasizes that secure coding practices, especially avoiding unsafe deserialization like Python pickle in network-facing components, are paramount.
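As an added illustration (not Pipecat's code and not taken from the NVD entry), here is the CWE-502 shape described above beside a defensive loader: a static scan of the pickle stream for opcodes that import module attributes, plus an Unpickler whose find_class() refuses every lookup. The frame dict, the datetime object and the truncated stream are constructed sample inputs.

```python
import datetime
import io
import pickle
import pickletools

# Opcodes that make the unpickler import a module attribute. A stream with none
# of these cannot name a callable, so it can only build primitives and containers.
IMPORT_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST"}


def vulnerable_deserialize(data: bytes):
    """The CWE-502 shape the advisory describes (illustrative, not Pipecat's
    source): untrusted WebSocket bytes go straight to pickle.loads()."""
    return pickle.loads(data)


def references_globals(data: bytes) -> bool:
    """Disassemble the stream without executing it and report whether any
    opcode resolves a module-level name. Streams that do not parse cleanly
    (truncated, malformed) count as unsafe rather than being guessed at."""
    try:
        return any(op.name in IMPORT_OPCODES for op, _, _ in pickletools.genops(data))
    except Exception:
        return True


class RestrictedUnpickler(pickle.Unpickler):
    """Defense in depth: even if the static scan were bypassed, refuse every
    global lookup so the stream cannot obtain a callable to invoke."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def deserialize_ws_message(data: bytes):
    """Replacement for a bare pickle.loads() on network input.
    Returns ("ok", obj) for a globals-free stream, else ("rejected", reason)."""
    if references_globals(data):
        return "rejected", "stream imports module attributes"
    try:
        return "ok", RestrictedUnpickler(io.BytesIO(data)).load()
    except Exception as exc:  # UnpicklingError, EOFError, ValueError, ...
        return "rejected", f"{type(exc).__name__}: {exc}"


# Constructed sample inputs for the demonstration.
BENIGN_STREAM = pickle.dumps({"type": "text", "text": "hello"})  # primitives only
# A harmless object whose pickle still has to import datetime.date to rebuild it.
GLOBAL_STREAM = pickle.dumps(datetime.date(2026, 4, 23))
TRUNCATED_STREAM = b"\x80\x04"  # PROTO 4 header with nothing after it

if __name__ == "__main__":
    for stream in (BENIGN_STREAM, GLOBAL_STREAM, TRUNCATED_STREAM):
        print(deserialize_ws_message(stream))
```

The static scan is the cheap check to add at a WebSocket ingress or in a log-based detection; the restricted loader is the stop-gap until the serializer is replaced, since the NVD's actual remediation is to stop feeding pickle network data at all.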
What This Means For You
- If your organization uses Pipecat versions 0.0.41 through 0.0.93 and has configured the `LivekitFrameSerializer`, you are exposed to critical remote code execution. Immediately upgrade Pipecat to version 0.0.94 or later and ensure the vulnerable `LivekitFrameSerializer` is no longer in use. Audit your deployments for external exposure of Pipecat services.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-62373 | RCE | Pipecat versions 0.0.41 through 0.0.93 |
| CVE-2025-62373 | Deserialization | Pipecat `LivekitFrameSerializer` class `deserialize()` method using `pickle.loads()` |
| CVE-2025-62373 | Code Injection | Vulnerable code in `src/pipecat/serializers/livekit.py` (around line 73) |
| CVE-2025-62373 | Misconfiguration | Pipecat server configured to use `LivekitFrameSerializer` and listening on an external interface (e.g. 0.0.0.0) |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 23, 2026 at 19:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.