PT-2025-21282 · Python · CPython

Serhiy-Storchaka · Published 2025-05-15 · Updated 2026-05-18 · CVE-2025-4516

CVSS v4.0: 5.9 (Medium)

Vector: AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: CPython (affected versions not specified)
Description: The issue arises when bytes.decode() is called with the "unicode_escape" encoding and an error handler set to "ignore" or "replace". Users who do not use this specific encoding or these error handlers are not affected.
Recommendations: To work around this issue, stop passing the error handler to the bytes.decode() call and instead wrap the call in a try-except block that catches the DecodeError.
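
One way to locate the call pattern described above in a code base, as an added example (not code from this advisory or from CPython). The names find_risky_decodes and SAMPLE are constructed for illustration, and only string-literal arguments are matched; values passed through variables need manual review.

```python
import ast

RISKY_HANDLERS = {"ignore", "replace"}

def _literal(node):
    """Return the value of a string literal node, or None for anything else."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None

def _is_unicode_escape(name):
    # Approximates Python's codec-name normalization: case-insensitive,
    # with hyphens and spaces treated like underscores.
    return (name is not None and
            name.lower().replace("-", "_").replace(" ", "_") == "unicode_escape")

def find_risky_decodes(source, filename="<string>"):
    """Return sorted (line, handler) pairs for decode() calls that combine
    the unicode_escape codec with the "ignore" or "replace" error handler."""
    hits = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "decode"):
            continue
        args = list(node.args)
        # codecs.decode(obj, encoding, errors): drop the leading object.
        if isinstance(node.func.value, ast.Name) and node.func.value.id == "codecs":
            args = args[1:]
        kw = {k.arg: k.value for k in node.keywords if k.arg}
        enc = _literal(kw.get("encoding", args[0] if args else None))
        err = _literal(kw.get("errors", args[1] if len(args) > 1 else None))
        if _is_unicode_escape(enc) and err in RISKY_HANDLERS:
            hits.append((node.lineno, err))
    return sorted(hits)

# Constructed sample source, not taken from any real project.
SAMPLE = '''\
import codecs
a = raw.decode("unicode_escape", errors="replace")
b = raw.decode("unicode-escape", "ignore")
c = codecs.decode(raw, "unicode_escape", "ignore")
d = raw.decode("unicode_escape")           # no error handler: not the pattern
e = raw.decode("utf-8", errors="replace")  # different codec: not the pattern
'''

if __name__ == "__main__":
    for line, handler in find_risky_decodes(SAMPLE):
        print(f"line {line}: unicode_escape with errors={handler!r}")
```

Each reported line is a candidate for the workaround in the recommendation: drop the error handler and catch the decoding exception around the call.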

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:23530
AZL-61865
AZL-61870
BDU:2025-10930
BIT-LIBPYTHON-2025-4516
BIT-PYTHON-2025-4516
BIT-PYTHON-MIN-2025-4516
CLEANSTART-2026-CI66802
CLEANSTART-2026-KM27583
CLEANSTART-2026-SP91806
CVE-2025-4516
ECHO-0E3F-250A-3E24
MGASA-2025-0280
OESA-2025-2288
OESA-2025-2289
OESA-2025-2290
OESA-2025-2302
OESA-2025-2306
OPENSUSE-SU-2025:15141-1
OPENSUSE-SU-2025:15154-1
OPENSUSE-SU-2025:15163-1
OPENSUSE-SU-2025:15190-1
OPENSUSE-SU-2025:15191-1
OPENSUSE-SU-2025:15192-1
OPENSUSE-SU-2025:15713-1
PSF-2025-4
SUSE-SU-2025:01877-1
SUSE-SU-2025:02038-1
SUSE-SU-2025:02047-1
SUSE-SU-2025:02048-1
SUSE-SU-2025:02049-1
SUSE-SU-2025:02050-1
SUSE-SU-2025:02057-1
SUSE-SU-2025:02074-1
SUSE-SU-2025:02297-1
SUSE-SU-2025:02778-1
SUSE-SU-2025:20374-1
SUSE-SU-2025:20492-1
SUSE-SU-2025:20539-1
SUSE-SU-2025_02047-1
SUSE-SU-2025_02049-1
SUSE-SU-2025_02050-1
SUSE-SU-2025_02057-1
SUSE-SU-2025_02297-1
SUSE-SU-2025_02778-1
USN-7570-1

Affected Products

AlmaLinux
Astra Linux
CPython
CentOS
Debian
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu