CVE-2025-67748

High CVSS: 7.1

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by `pty` missing from the block list of unsafe module imports. This led to unsafe pickles based on `pty.spawn()` being incorrectly flagged as `LIKELY_SAFE`, and was fixed in version 0.1.6. This impacted any user or system that used Fickling to vet pickle files for security issues.

Vendor

Trailofbits

Product

Fickling

CWE

CWE-94

Yayın Tarihi

2025-12-16 01:15:52

Güncelleme

2026-01-02 15:58:53

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-94 Fickling HIGH Trailofbits 2025

Referanslar

https://github.com/trailofbits/fickling/pull/108 https://github.com/trailofbits/fickling/pull/187 https://github.com/trailofbits/fickling/security/advisories/GHSA-r7v6-mfhq-g3m2

Benzer Kayıtlar

High

CVE-2026-22609

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fic…

High

CVE-2026-22612

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detectio…

High

CVE-2026-22606

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat P…

High

CVE-2026-22607

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat P…

High

CVE-2026-22608

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren…

High

CVE-2025-67747

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing `marshal` and `types`…