CVE-2025-22153
- Source
- https://cve.org/CVERecord?id=CVE-2025-22153
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22153.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-22153
- Aliases
- Downstream
- Published
- 2025-01-23T17:34:27.056Z
- Modified
- 2026-04-10T04:14:28.232624Z
- Severity
-
- 7.9 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L CVSS Calculator
- Summary
- try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter
- Details
-
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using
try/except*, RestrictedPython starting in version 6.0 and prior to version 8.0 could be bypassed. The issue is patched in version 8.0 of RestrictedPython by removing support fortry/except*clauses. No known workarounds are available. - Database specific
{ "cwe_ids": [ "CWE-843" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/22xxx/CVE-2025-22153.json", "unresolved_ranges": [ { "source": "AFFECTED_FIELD", "extracted_events": [ { "introduced": "6.0" }, { "fixed": "8.0" } ] } ], "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/22xxx/CVE-2025-22153.json
- https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-gmj9-h825-chq2
- https://nvd.nist.gov/vuln/detail/CVE-2025-22153
- https://github.com/zopefoundation/RestrictedPython/commit/48a92c5bb617a647cffd0dadd4d5cfe626bcdb2f
Affected packages
Git / github.com/zopefoundation/restrictedpython
Affected ranges
- Type
- GIT
- Repo
- https://github.com/zopefoundation/restrictedpython
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed