CVE-2025-55136
MEDIUMERC <0.3 - SSRF
Title source: llmDescription
ERC (aka Emotion Recognition in Conversation) through 0.3 has insecure deserialization via a serialized object because jsonpickle is used.
References (1)
Scores
CVSS v3
5.7
EPSS
0.0004
EPSS Percentile
12.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Classification
CWE
CWE-502
Status
draft
Timeline
Published
Aug 07, 2025
Tracked Since
Feb 18, 2026