A crucial vulnerability has been recognized within the PyPI-distributed model of PLY (Python Lex-Yacc) 3.11, permitting arbitrary code execution by way of unsafe deserialization of untrusted pickle recordsdata.
The vulnerability, assigned CVE-2025-56005, impacts the undocumented picklefile parameter within the yacc() perform, which stays absent from official documentation regardless of being current within the manufacturing launch.
The vulnerability stems from the yacc(picklefile=…) parameter invoking pickle.load() on attacker-controlled recordsdata with out validation.
Python’s pickle module inherently helps arbitrary code execution throughout deserialization by way of the __reduce__() technique, enabling malicious payloads to execute system instructions earlier than parser initialization happens.
This presents a singular danger profile as a result of the code execution occurs silently throughout software startup, earlier than any parsing logic is reached.
The vulnerability is especially harmful in environments the place parser tables are cached on disk, shared between companies, or generated in CI/CD pipelines.
Exploitation turns into potential when attackers can management, change, or affect the pickle file path, equivalent to:
Space / ComponentDescriptionCached parser desk locationsLocations the place parser tables are saved locallyShared community directoriesNetwork-accessible shared foldersCI/CD pipeline artifactsBuild and deployment output filesConfigurable or writable file pathsApplication-defined writable paths
The vulnerability may be demonstrated by way of a malicious pickle payload that executes system instructions throughout deserialization.
When yacc(picklefile=’exploit.pkl’) masses a crafted pickle file containing serialized objects with embedded __reduce__() strategies, arbitrary code execution is assured earlier than the parser turns into operational.
In line with the advisory, organizations ought to instantly implement the next mitigations:
Keep away from utilizing the picklefile parameter with untrusted or externally writable recordsdata. Disable loading parser tables from user-controlled places.
Deal with all pickle recordsdata as doubtlessly unsafe enter. Regenerate parser tables dynamically somewhat than loading from disk.
Builders ought to replace functions that use PLY 3.11 and audit configurations for potential publicity by way of the undocumented parameter.
Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.
