How severe is CVE-2025-67748?

CVE-2025-67748 has a CVSS v3 score of 7.8 (HIGH).

CVE-2025-67748

Name: fickling
Author: trailofbits

7.8HIGH

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by `pty` missing from the block list of unsafe module imports. This led to unsafe pickles base

Publicado: 12/16/2025Atualizado: 1/2/2026

Descrição

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by `pty` missing from the block list of unsafe module imports. This led to unsafe pickles based on `pty.spawn()` being incorrectly flagged as `LIKELY_SAFE`, and was fixed in version 0.1.6. This impacted any user or system that used Fickling to vet pickle files for security issues.

Análise IADesenvolvido por IA

Produtos Afetados

trailofbitsfickling

Referências

https://github.com/trailofbits/fickling/pull/108
Issue TrackingPatch
https://github.com/trailofbits/fickling/pull/187
Issue TrackingPatch
https://github.com/trailofbits/fickling/security/advisories/GHSA-r7v6-mfhq-g3m2
ExploitVendor Advisory