PT-2025-25443 · Unknown · Goodby-Csv

Mcdruid · Published 2025-06-13 · Updated 2025-06-16 · CVE-2025-49597

CVSS v3.1: 3.9 (Low)

Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

goodby-csv versions prior to 1.4.3

Description

The goodby-csv library has an insecure deserialization vulnerability: it can be used as part of a "gadget chain" to achieve remote code execution if an application deserializes untrusted data due to another vulnerability. This presents no direct threat but is a vector that can be exploited.

Recommendations

For versions prior to 1.4.3, update to version 1.4.3 to resolve the issue. As a temporary workaround, consider restricting the use of the goodby-csv library in applications that deserialize untrusted data to minimize the risk of exploitation.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-49597
GHSA-X3C7-22C8-PRG7

Affected Products

Goodby-Csv