PT-2024-34371 · Schrödinger · Pymol

Ilovepepperoni · Published 2024-11-11 · Updated 2024-11-19 · CVE-2024-50636

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: PyMOL version 2.5.0
Description: The issue arises from the "Run Script" function in PyMOL, which allows the execution of arbitrary Python code embedded within .PYM files. This enables attackers to craft malicious .PYM files containing Python reverse shell payloads to achieve Remote Command Execution (RCE). The vulnerability occurs because PyMOL treats .PYM files as Python scripts without proper validation or restriction of the commands within the script, allowing attackers to run unauthorized commands in the context of the user running the application.
Recommendations: For PyMOL version 2.5.0, consider disabling the "Run Script" function until a patch is available to prevent the execution of arbitrary Python code. Restrict access to .PYM files to minimize the risk of exploitation. Avoid using .PYM files that contain potentially malicious Python code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
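
Because a .PYM file is an ordinary Python script, it can be inspected statically before anyone opens it in PyMOL. The following triage check is an added example, not part of the advisory or of PyMOL; the function name `triage_pym`, the module and call lists, and the sample scripts are assumptions constructed for illustration.

```python
import ast

# Assumption: modules and calls a molecular-visualisation script rarely needs.
RISKY_MODULES = {"socket", "subprocess", "os", "pty", "ctypes", "urllib", "shutil"}
RISKY_CALLS = {"exec", "eval", "compile", "__import__", "system", "popen", "Popen"}

def triage_pym(source):
    """Return sorted (line, finding) tuples for a .pym script without running it."""
    try:
        tree = ast.parse(source)
    except SyntaxError as err:
        # Cannot be analysed (e.g. Python 2 syntax or damaged file): needs a human.
        return [(err.lineno or 0, "unparseable: review manually")]
    findings = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            names = []
        for name in names:
            root = name.split(".")[0]
            if root in RISKY_MODULES:
                findings.add((node.lineno, "import " + root))
        if isinstance(node, ast.Call):
            func = node.func
            # Plain name (eval(...)) or attribute access (os.system(...)).
            called = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
            if called in RISKY_CALLS:
                findings.add((node.lineno, "call " + called))
    return sorted(findings)

# Constructed samples: a plain visualisation script and one that reaches the OS.
SAMPLE_PLAIN = "from pymol import cmd\ncmd.load('model.pdb')\ncmd.show('cartoon')\n"
SAMPLE_FLAGGED = (
    "from pymol import cmd\n"
    "import os, socket\n"
    "cmd.load('model.pdb')\n"
    "os.system('id')\n"
)

if __name__ == "__main__":
    for line, finding in triage_pym(SAMPLE_FLAGGED):
        print(f"line {line}: {finding}")
```

An empty result only means none of the listed constructs appear literally; obfuscated code can evade a static check, so scripts from untrusted sources still call for manual review or an isolated environment.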

Exploit

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2024-50636

Affected Products: Pymol