PT-2025-31645 · Ms-Swift+1

Anchor0221 · Published 2020-03-24 · Updated 2025-08-18 · CVE-2025-50460

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ms-swift version 3.3.0
Description: A remote code execution (RCE) vulnerability exists due to unsafe deserialization in tests/run.py, which calls yaml.load() from the PyYAML library (versions <= 5.3.1). An attacker who controls the YAML configuration file passed via the --run config parameter can execute arbitrary code during deserialization, potentially leading to full system compromise. The vulnerability is triggered when a malicious YAML file is loaded, allowing execution of arbitrary Python calls such as os.system().
Recommendations: Upgrade PyYAML to version 5.4 or higher. Use yaml.safe_load() instead of yaml.load() to mitigate the issue.
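As an added illustration (not code from the advisory or from the ms-swift project), the loading pattern the description refers to beside the hardened form the recommendation calls for. yaml.UnsafeLoader stands in for the pre-fix behaviour so the contrast holds on a current PyYAML; the config texts and the harmless os.getcwd callable are constructed placeholders.

```python
import yaml

# Constructed sample configs (not from the advisory).
BENIGN_CONFIG = "run_name: smoke-test\nepochs: 2\n"
# Carries a PyYAML Python-object tag: a loader that honours such tags will
# import the named module and call the callable while building the document.
# A harmless callable stands in for whatever a hostile file would name.
TAGGED_CONFIG = "run_name: !!python/object/apply:os.getcwd []\nepochs: 2\n"


def load_config_unsafe(text):
    """Pre-fix pattern: a loader that constructs arbitrary Python objects.
    UnsafeLoader is used explicitly so the behaviour is the same on any
    PyYAML >= 5.1 regardless of what bare yaml.load() defaults to."""
    return yaml.load(text, Loader=yaml.UnsafeLoader)


def load_config_safe(text):
    """Hardened form: safe_load only builds plain YAML types (str, int,
    float, bool, list, dict) and raises ConstructorError on any !!python/ tag."""
    return yaml.safe_load(text)


def config_is_safe(text):
    """Validate an untrusted config before use. Returns (ok, reason):
    documents the safe loader refuses, and documents whose top level is not
    a mapping, are rejected rather than partially honoured."""
    try:
        data = load_config_safe(text)
    except yaml.YAMLError as exc:
        return False, f"rejected by safe loader: {type(exc).__name__}"
    if not isinstance(data, dict):
        return False, "top-level value is not a mapping"
    return True, "ok"


if __name__ == "__main__":
    # The unsafe loader turns the tagged key into a live call result;
    # the safe path refuses the same document outright.
    print(load_config_unsafe(TAGGED_CONFIG))
    print(config_is_safe(BENIGN_CONFIG))
    print(config_is_safe(TAGGED_CONFIG))
```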

Tags: Exploit · Fix · RCE

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers

CVE-2025-50460
GHSA-6757-JP84-GXFX
GHSA-FM6C-F59H-7MMG
PYSEC-2020-96

Affected Products

Pyyaml
Ms-Swift