Insecure Deserialization Vulnerability in pdfminer.six by the Vendor pdfminer
CVE-2025-70559
Currently unrated
What is CVE-2025-70559?
The pdfminer.six library, prior to version 20251230, contains an insecure deserialization vulnerability in its CMap loading process. The library uses Python's pickle to deserialize CMap cache files without validating them. An attacker who can place a malicious pickle file in a location the application can access can execute arbitrary code or escalate privileges when the application processes the compromised file. The issue is rooted in an incomplete patch for a previous vulnerability.
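As an added illustration (not pdfminer.six's code and not the project's actual fix), the sketch below shows one way an application can load a pickle-based cache as plain data only, by refusing every global lookup during unpickling. The gzip wrapping, the function names and the sample cache keys are assumptions made for the example.

```python
import gzip
import io
import pickle


class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup.

    Builtin containers and scalars (dict, list, tuple, str, bytes, int,
    bool, None) have their own opcodes and still load; anything that needs
    an importable class or function is rejected before it can be called.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"blocked global {module}.{name} in cache file"
        )


def load_cache_bytes(blob: bytes):
    """Decompress a gzip-compressed cache blob and unpickle it as data only."""
    raw = gzip.decompress(blob)
    return DataOnlyUnpickler(io.BytesIO(raw)).load()


def is_safe_cache(blob: bytes) -> bool:
    """Return True if the blob loads without referencing any global."""
    try:
        load_cache_bytes(blob)
        return True
    except (pickle.UnpicklingError, OSError, EOFError):
        # UnpicklingError: blocked global or malformed stream
        # OSError (incl. gzip.BadGzipFile) / EOFError: not a valid gzip blob
        return False


# Constructed sample: a cache holding only nested dicts, ints and a bool.
# The key names are illustrative.
GOOD = gzip.compress(
    pickle.dumps({"CODE2CID": {1: {32: 1}}, "IS_VERTICAL": False})
)

# Constructed sample: a pickle that references a global (builtins.len).
# It is harmless, but it takes the same find_class path the loader must refuse.
BAD = gzip.compress(pickle.dumps(len))
```

Blocking globals does not bound memory or CPU use during loading, and it does not replace keeping the cache directory writable only by the account that owns the application.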

