PT-2025-10116 · Unknown · Python Json Logger+1

Omnigodz · Published 2024-12-16 · Updated 2025-07-01 · CVE-2025-27607

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Python JSON Logger versions prior to 3.3.0
Description: The issue stems from a missing dependency of Python JSON Logger that could allow a remote attacker to execute arbitrary code. The msgspec-python313-pre package was deleted by its owner, leaving its name on the package index open to being claimed by a third party. If the name were claimed, the claimant could execute code remotely on any Python JSON Logger user who installed the development dependencies on Python 3.13. The estimated number of potentially affected devices is over 13 million.
Recommendations: Update to Python JSON Logger version 3.3.0 or later to resolve the issue. As a temporary workaround, avoid installing the development dependencies on Python 3.13 until the issue is resolved. Restrict access to the vulnerable python-json-logger package to minimize the risk of exploitation.

Exploit · Fix · RCE

Related Identifiers

BDU:2025-02469
CVE-2025-27607
GHSA-WMXH-PXCX-9W24

Affected Products

Python Json Logger
Msgspec-Python313-Pre