Metrics
Affected Vendors & Products
| Source | ID | Title | 
|---|---|---|
|  EUVD | EUVD-2025-32181 | DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the way the DataChain library reads serialized objects from environment variables (such as DATACHAIN__METASTORE and DATACHAIN__WAREHOUSE) in the loader.py module. An attacker with the ability to set these environment variables can trigger code execution when the application loads. This issue is fixed in version 0.34.2. | 
|  Github GHSA | GHSA-6px8-mr29-cj4r | DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables | 
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Mon, 06 Oct 2025 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Mon, 06 Oct 2025 14:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Iterative Iterative datachain | |
| Vendors & Products | Iterative Iterative datachain | 
Fri, 03 Oct 2025 21:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the way the DataChain library reads serialized objects from environment variables (such as DATACHAIN__METASTORE and DATACHAIN__WAREHOUSE) in the loader.py module. An attacker with the ability to set these environment variables can trigger code execution when the application loads. This issue is fixed in version 0.34.2. | |
| Title | DataChain: Deserialization of Untrusted Data from Environment Variables | |
| Weaknesses | CWE-502 | |
| References |  | |
| Metrics | cvssV3_1 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-10-06T15:41:16.866Z
Reserved: 2025-09-29T20:25:16.181Z
Link: CVE-2025-61677
 Vulnrichment
                        Vulnrichment
                    Updated: 2025-10-06T15:41:10.350Z
 NVD
                        NVD
                    Status : Awaiting Analysis
Published: 2025-10-03T22:15:32.390
Modified: 2025-10-06T14:56:47.823
Link: CVE-2025-61677
 Redhat
                        Redhat
                    No data.
 OpenCVE Enrichment
                        OpenCVE Enrichment
                    Updated: 2025-10-06T14:42:07Z