UBUNTU-CVE-2025-50817

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-50817

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50817.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-50817

Upstream

CVE-2025-50817

Published

2025-08-14T17:15:00Z

Modified

2025-09-08T17:11:58Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory or in the sys.path. This behavior can be exploited by an attacker who has the ability to write files to the server, allowing the execution of arbitrary code.

References

Affected packages

Ubuntu:Pro:16.04:LTS / python-future

Package

Name: python-future
Purl: pkg:deb/ubuntu/python-future@0.15.2-1ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.14.3-1

0.14.3-1build1

0.15.2-1

0.15.2-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.15.2-1ubuntu0.1~esm1",
            "binary_name": "python-future"
        },
        {
            "binary_version": "0.15.2-1ubuntu0.1~esm1",
            "binary_name": "python3-future"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / python-future

Package

Name: python-future
Purl: pkg:deb/ubuntu/python-future@0.15.2-4ubuntu2.1?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.15.2-4ubuntu1

0.15.2-4ubuntu2

0.15.2-4ubuntu2.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.15.2-4ubuntu2.1",
            "binary_name": "python-future"
        },
        {
            "binary_version": "0.15.2-4ubuntu2.1",
            "binary_name": "python3-future"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / python-future

Package

Name: python-future
Purl: pkg:deb/ubuntu/python-future@0.18.2-2ubuntu0.1?arch=source&distro=esm-infra/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.16.0-1

0.18.2-0ubuntu1

0.18.2-1

0.18.2-2

0.18.2-2ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.18.2-2ubuntu0.1",
            "binary_name": "python3-future"
        }
    ]
}

Ubuntu:22.04:LTS / python-future

Package

Name: python-future
Purl: pkg:deb/ubuntu/python-future@0.18.2-5ubuntu0.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.18.2-5

0.18.2-5ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.18.2-5ubuntu0.1",
            "binary_name": "python3-future"
        }
    ]
}

Ubuntu:24.04:LTS / python-future

Package

Name: python-future
Purl: pkg:deb/ubuntu/python-future@0.18.2-6ubuntu2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.18.2-6ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.18.2-6ubuntu2",
            "binary_name": "python3-future"
        }
    ]
}