Critical Vulnerability in Python PLY Library Enables Remote Code
A critical vulnerability affecting PLY (Python Lex-Yacc) version 3.11, distributed via PyPI, has been uncovered. The flaw allows arbitrary code execution through unsafe deserialization of untrusted pickle files.
The vulnerability, assigned CVE-2025-56005, affects the undocumented picklefile parameter in the yacc() function, which remains absent from official documentation despite being present in the production release.
The vulnerability stems from the yacc(picklefile=…) parameter invoking pickle.load() on attacker-controlled files without validation.
Python’s pickle module inherently supports arbitrary code execution during deserialization through the __reduce__() method, enabling malicious payloads to execute system commands before parser initialization occurs.
This presents a unique risk profile because the code execution happens silently during application startup, before any parsing logic is reached.
The vulnerability is particularly dangerous in environments where parser tables are cached on disk, shared between services, or generated in CI/CD pipelines.
Exploitation becomes possible when attackers can control, replace, or influence the pickle file path, such as:
| Area / Component | Description |
|---|---|
| Cached parser table locations | Locations where parser tables are stored locally |
| Shared network directories | Network-accessible shared folders |
| CI/CD pipeline artifacts | Build and deployment output files |
| Configurable or writable file paths | Application-defined writable paths |
The vulnerability can be demonstrated through a malicious pickle payload that executes system commands during deserialization.
When yacc(picklefile='exploit.pkl') loads a crafted pickle file containing serialized objects with embedded __reduce__() methods, arbitrary code executes before the parser becomes operational.
According to the advisory, organizations should immediately implement the following mitigations:
- Avoid using the picklefile parameter with untrusted or externally writable files.
- Disable loading parser tables from user-controlled locations.
- Treat all pickle files as potentially unsafe input.
- Regenerate parser tables dynamically rather than loading from disk.
Developers should update applications that use PLY 3.11 and audit configurations for potential exposure through the undocumented parameter.
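One way to start the audit described above, as an added example that is not taken from the advisory or from PLY: a static scan that resolves a file's imports and reports every yacc() call passing picklefile, separating literal paths from computed ones. The sample source and all names in it are constructed, and calls that pass the argument through **kwargs are not detected.

```python
import ast

# Constructed sample source; every module and variable name in it is hypothetical.
SAMPLE = '''
import os
import ply.yacc as yacc
from ply import yacc as y2
from ply.yacc import yacc as build

p1 = yacc.yacc(module=grammar)
p2 = yacc.yacc(picklefile="tables/parser.pkl")
p3 = y2.yacc(picklefile=os.environ["PARSER_CACHE"])
p4 = build(debug=False, picklefile=cache_dir + "/p.pkl")
'''

def find_picklefile_calls(source, filename="<source>"):
    """Return sorted (line, kind, expression) for each yacc(picklefile=...) call."""
    tree = ast.parse(source, filename)
    # Dotted names that resolve to ply.yacc.yacc under this file's imports.
    targets = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == "ply.yacc":
                    targets.add((alias.asname or alias.name) + ".yacc")
        elif isinstance(node, ast.ImportFrom):
            for alias in node.names:
                if (node.module, alias.name) == ("ply", "yacc"):
                    targets.add((alias.asname or "yacc") + ".yacc")
                elif (node.module, alias.name) == ("ply.yacc", "yacc"):
                    targets.add(alias.asname or "yacc")
    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and ast.unparse(node.func) in targets:
            for kw in node.keywords:
                if kw.arg == "picklefile":
                    # A literal path can be checked once for write permissions;
                    # a computed path needs its data flow reviewed.
                    literal = isinstance(kw.value, ast.Constant)
                    hits.append((node.lineno, "literal" if literal else "dynamic",
                                 ast.unparse(kw.value)))
    return sorted(hits)

if __name__ == "__main__":
    for line, kind, expr in find_picklefile_calls(SAMPLE):
        print(f"line {line}: picklefile={expr} ({kind} path)")
```

Every reported path still needs a manual check of who can write to it, since the scan only locates where pickle-backed tables are loaded.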