CVE-2025-56005: An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (...
An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because `pickle` allows execution of embedded code via `__reduce__()`, an attacker can achieve code execution by passing a malicious pickle file. The parameter is not mentioned in official documentation or the GitHub repository, yet it is active in the PyPI version. This introduces a stealthy backdoor and persistence risk. NOTE: A third-party states that this vulnerability should be rejected because the proof of concept does not demonstrate arbitrary code execution and fails to complete successfully.
Security readout for executives and security teams
Plain-English summary
A researcher reported that the popular Python parsing library PLY 3.11 has an undocumented option that loads a pickle file without checking it, which could let an attacker run their own code if they can control that file. A third party has publicly disputed the finding, arguing the demonstration does not actually run attacker code. Real-world risk depends on whether your applications let outside input reach this rarely used developer feature.
Executive priority
Treat as a moderate, developer-hygiene issue rather than an emergency patch. Direct engineering to confirm whether PLY is in use and whether the `picklefile` option is ever exposed to untrusted input; escalate only if that condition is met or if the dispute is resolved against the library.
Technical view
CVE-2025-56005 describes an undocumented `picklefile` parameter in PLY's `yacc()` function (version 3.11 on PyPI) that is deserialized via `pickle.load()` without validation, mapping to CWE-502. Because pickle can invoke `__reduce__` during load, a controlled path could yield code execution. NVD lists CVSS 9.8 (AV:N/AC:L/PR:N/UI:N), but a third-party GitHub repository publicly disputes the PoC's ability to achieve arbitrary code execution.
Likely exposure
PLY is a widely embedded parsing library, but the vulnerable parameter is a developer-facing option normally set to a local file. Exposure is elevated only where an application accepts untrusted input as the `picklefile` path or ships attacker-writable pickle artifacts. Red Hat has an open tracker (RHBZ#2431308) and CSAF VEX record, but no fixed vendor version is cited in the bundle.
Exploitation context
Not listed in CISA KEV and no confirmed in-the-wild exploitation is cited. Public PoC repositories exist, and a rebuttal repo argues the PoC does not complete successful arbitrary code execution. Exploitation presumes an attacker can influence the `picklefile` argument or replace the referenced pickle file — a scenario that is uncommon outside insecure integrations.
Researcher notes
CWE-502 via `pickle.load` on an undocumented parameter is a plausible unsafe-deserialization sink, but CVSS 9.8 assumes network-reachable, unauthenticated triggering that is not evident from the sources. The `tom025/ply_exploit_rejection` repo and its issue thread challenge the PoC. No vendor patch, no fixed version, and no KEV listing are cited; treat scoring as provisional until dispute status settles.
Mitigation direction
Inventory Python projects that import `ply.yacc` and confirm whether `picklefile` is ever set.
Never pass untrusted or attacker-controlled paths to the `picklefile` parameter of `yacc()`.
Restrict filesystem permissions on any pickle artifacts consumed by PLY-based parsers.
Track Red Hat CVE-2025-56005 and RHBZ#2431308 for a vendor-recommended patched build.
Consider alternative parser generators or pin PLY away from 3.11 pending disposition of the dispute.
Validation and detection
Grep dependencies for `ply==3.11` or PLY as a transitive dependency in `requirements.txt` and lockfiles.
Search source for calls to `yacc.yacc(` and inspect for a `picklefile=` keyword argument.
Confirm whether any code path lets external input reach that argument or the referenced file.
Review Red Hat's CSAF VEX record for affected/unaffected component status.
Monitor the CVE record and NVD for a resolution of the third-party dispute.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-502: Code execution behavior lookup
Code execution and unsafe deserialization weaknesses often justify reviewing execution behavior and process telemetry. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
2CVSS vectors
5Timeline events
3ADP providers
8Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: pocAutomatable: yesTechnical Impact: total
CVSS vector scores
2 official scores
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-502 · source CWE mapping
Deserialization of Untrusted Data
Deserialization of Untrusted Data represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.