A critical vulnerability has been identified in the PyPI-distributed version of PLY (Python Lex-Yacc) 3.11, allowing arbitrary code execution through unsafe deserialization of untrusted pickle files. The vulnerability, assigned CVE-2025-56005, lies in the picklefile parameter of the yacc() function, a parameter that is present in the production release but absent from the official documentation. The vulnerability stems from the yacc(picklefile=…) parameter invoking pickle.load() on attacker-controlled […]
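The mechanism behind this class of bug, as an added example that is not code from the article or from PLY: a pickle file's author can embed a `__reduce__` payload, so `pickle.load()` on that file calls a function of the attacker's choosing before any "parser table" object is even returned. The example below builds such a file, loads it the vulnerable way, then shows two checks a practitioner can apply before trusting a table file: a `pickletools` scan for global/reduce opcodes, and a restricted `Unpickler` that refuses every global lookup. PLY itself is not imported; the table dictionary, the recorder callable and the helper names are constructed for this example, and a real payload would reference something like `os.system` instead of the harmless recorder.

```python
import io
import pickle
import pickletools

# Records what the payload did, so the example can run without side effects on
# the host. In a real attack the callable would be os.system, subprocess.Popen
# or similar; this recorder stands in for it (constructed for the example).
SIDE_EFFECTS = []


def _record(marker):
    SIDE_EFFECTS.append(marker)
    return marker


class MaliciousTable:
    """A stand-in for an attacker-written 'parser table' pickle."""

    def __reduce__(self):
        # pickle stores (callable, args); the unpickler calls callable(*args)
        # while loading, which is where the code execution happens.
        return (_record, ("code executed during pickle.load",))


def build_malicious_picklefile() -> bytes:
    """Bytes an attacker would write to the file later passed as picklefile."""
    return pickle.dumps(MaliciousTable())


def build_benign_picklefile() -> bytes:
    """A plain-data table (constructed shape, not PLY's real table format)."""
    table = {"productions": [("expr", ["term", "+", "term"])],
             "lr_action": {0: {"NUMBER": 1}}}
    return pickle.dumps(table)


def unsafe_load(data: bytes):
    """The vulnerable pattern: pickle.load() on bytes the caller does not control."""
    return pickle.load(io.BytesIO(data))


# Opcodes that can resolve or invoke a callable during unpickling. Plain data
# (dicts, lists, tuples, str, int, ...) never needs any of them.
_DANGEROUS_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                      "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def pickle_references_globals(data: bytes) -> bool:
    """Static check: walk the opcode stream without executing it."""
    return any(op.name in _DANGEROUS_OPCODES
               for op, _arg, _pos in pickletools.genops(data))


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so no __reduce__ payload can fire.
    Tables made only of builtin container/scalar types still load."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_load_outcome(data: bytes):
    """Returns ("ok", obj) for plain-data pickles, ("rejected", reason) otherwise."""
    try:
        return ("ok", RestrictedUnpickler(io.BytesIO(data)).load())
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    payload = build_malicious_picklefile()
    print("static scan flags payload:", pickle_references_globals(payload))
    print("unsafe_load returned:", unsafe_load(payload), "| side effects:", SIDE_EFFECTS)
    print("restricted loader:", safe_load_outcome(payload))
    print("benign table:", safe_load_outcome(build_benign_picklefile()))
```

Two caveats worth keeping in mind: the opcode scan and the restricted unpickler only make a pickle of plain data safe to load; they do not make pickle a safe interchange format in general, and the robust fix for a cached table is either to never read it from a location an untrusted party can write, or to store it in a format with no code-execution path at all (for example JSON) and verify its integrity before use.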
The post Critical Vulnerability in Python PLY Library Enables Remote Code Execution – PoC Published appeared first on Cyber Security News.