CVE-2025-67748
Unsafe Module Import Bypass in Fickling Allows Unsafe Pickle Execution

Publication date: 2025-12-16

Last updated on: 2025-12-16

Assigner: GitHub, Inc.

Description
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by `pty` missing from the block list of unsafe module imports. This led to unsafe pickles based on `pty.spawn()` being incorrectly flagged as `LIKELY_SAFE`, and was fixed in version 0.1.6. This impacted any user or system that used Fickling to vet pickle files for security issues.
Meta Information
Published: 2025-12-16
Last Modified: 2025-12-16
Generated: 2026-05-07
AI Q&A: 2025-12-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
| Vendor | Product | Version / Range |
| --- | --- | --- |
| trailofbits | fickling | 0.1.6 |
| trailofbits | fickling | 0.1.5 |
CWE
| CWE ID | Description |
| --- | --- |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
| CWE-184 | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete. |
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-67748 is a vulnerability in the Fickling Python package (versions prior to 0.1.6) where the 'pty' module was missing from the blocklist of unsafe imports. This omission allowed attackers to craft malicious pickle files that use the pty.spawn() function to execute arbitrary code. Fickling's heuristic for detecting unsafe pickle files relies on identifying unused variables left on the Python VM stack after execution, but the use of pty.spawn() with a trivial operation to mark the variable as used bypassed this detection, causing such malicious pickles to be incorrectly flagged as 'LIKELY_SAFE'. This flaw enables arbitrary code execution upon deserialization of these pickle files. The issue was fixed by adding 'pty' to the unsafe imports blocklist in version 0.1.6. [2, 3, 1]


How can this vulnerability impact me?

This vulnerability can impact users or systems that rely on Fickling to vet pickle files for security issues. Because malicious pickle files using pty.spawn() can bypass Fickling's detection, an attacker can execute arbitrary code on the affected system during deserialization. This can lead to unauthorized code execution, potentially compromising system integrity, confidentiality, and availability. [2, 1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by analyzing pickle files for unsafe usage of the 'pty' module, specifically the use of 'pty.spawn()', which was previously not flagged by Fickling. A proof-of-concept payload can be created and inspected using Python's pickletools module. For example, you can use the following Python snippet to disassemble and inspect a suspicious pickle file:

```python
import pickletools

# pickletools.dis() only decodes the opcode stream; it does not unpickle
# the file, so nothing in it is imported or called.
with open('suspicious.pkl', 'rb') as f:
    pickletools.dis(f, annotate=1)
```

This will show opcodes such as SHORT_BINUNICODE 'pty' and 'spawn', STACK_GLOBAL, and REDUCE, which indicate usage of the 'pty.spawn' function. Additionally, using the updated Fickling tool (version 0.1.6 or later) to scan pickle files will help detect such unsafe pickles, as it now includes 'pty' in its blocklist of unsafe modules. [2, 3]
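The manual opcode inspection described above can be automated. The following is an added example, not Fickling's code: it walks the opcode stream with `pickletools.genops`, resolves the operands of `GLOBAL`, `INST` and `STACK_GLOBAL`, and reports imports from a denylist. The names `UNSAFE_MODULES`, `referenced_globals`, `verdict` and `SAMPLE`, and the denylist contents, are assumptions made for illustration.

```python
import pickletools

# Assumed denylist for this example only; it is not Fickling's actual list.
UNSAFE_MODULES = {"os", "posix", "nt", "subprocess", "pty", "sys", "builtins"}
MARK = object()  # sentinel standing in for the MARK opcode on the modelled stack

def referenced_globals(data: bytes):
    """Return (module, name) for each import opcode, without unpickling."""
    stack, memo, found = [], {}, []
    for op, arg, _pos in pickletools.genops(data):
        name, top = op.name, (stack[-1] if stack else None)
        if name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = top            # remember the value, stack unchanged
            continue
        if name == "MEMOIZE":
            memo[len(memo)] = top
            continue
        if name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif name == "STACK_GLOBAL":
            pair = tuple(stack[-2:])
            resolved = len(pair) == 2 and all(isinstance(s, str) for s in pair)
            # Fail closed: an import whose operands cannot be resolved is reported.
            found.append(pair if resolved else ("<unresolved>", "<unresolved>"))
        # Apply the opcode's stack effect, keeping only string values.
        before = op.stack_before
        if pickletools.markobject in before:
            while stack and stack.pop() is not MARK:
                pass
            before = before[:before.index(pickletools.markobject)]
        del stack[len(stack) - min(len(before), len(stack)):]
        if name == "MARK":
            stack.append(MARK)
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            stack.append(memo.get(arg))
        else:
            is_str = "UNICODE" in name or "STRING" in name
            stack.extend([arg if is_str else None] * len(op.stack_after))
    return found

def verdict(data: bytes):
    """Return the sorted denylisted (or unresolved) modules the pickle imports."""
    return sorted({m for m, _ in referenced_globals(data)
                   if m.split(".")[0] in UNSAFE_MODULES or m == "<unresolved>"})

# Constructed sample: protocol 4, references pty.spawn and stops (no REDUCE).
SAMPLE = b"\x80\x04\x8c\x03pty\x8c\x05spawn\x93."

if __name__ == "__main__":
    print(referenced_globals(SAMPLE), verdict(SAMPLE))
```

A denylist check like this has the same CWE-184 weakness as the original bug, so treat an empty result as "nothing known-bad found", not as proof of safety.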


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade Fickling to version 0.1.6 or later, which includes the fix that adds 'pty' to the blocklist of unsafe modules. This prevents malicious pickle files using 'pty.spawn()' from being incorrectly flagged as safe. Users relying on Fickling to vet pickle files should update their installations promptly. Additionally, avoid deserializing pickle files from untrusted sources to reduce the risk of arbitrary code execution. [1, 2, 3]

