PT-2025-33349 · Unknown+2 · Python-Future+2

Abcd_68700 · Published 2025-08-14 · Updated 2026-05-06 · CVE-2025-50817

CVSS v4.0: 7.3 (High)

Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Name of the Vulnerable Software and Affected Versions

Python-Future version 1.0.0

Description

An issue in the Python-Future module allows for arbitrary code execution through the unintended import of a file named 'test.py'. When the module is loaded, it automatically imports 'test.py' if the file exists in the same directory or within the sys.path. An attacker with the ability to write files to the server can exploit this behavior to execute arbitrary code.

Recommendations

Update Python-Future version 1.0.0 to the latest version that contains the fix for the automatic import of 'test.py'. As a temporary workaround, ensure that no file named 'test.py' exists in the module's directory or within the sys.path to prevent unintended execution.
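
One way to check the temporary workaround on a host, as an added example (not code from this advisory or from Python-Future): it lists every 'test.py' found in the sys.path directories, in import order, and flags directories that other accounts can write to. The function names are illustrative, and the writability check assumes POSIX permission bits.

```python
"""Audit for stray test.py files on the import path (added example, illustrative names)."""
import importlib.util
import os
import stat
import sys


def find_test_py(search_dirs, name="test.py"):
    """Return one finding per directory in search_dirs that contains `name`.

    Order is preserved because the path finder uses the first match on sys.path.
    """
    findings, seen = [], set()
    for position, entry in enumerate(search_dirs):
        # An empty sys.path entry stands for the current working directory.
        directory = os.path.realpath(entry or os.getcwd())
        if directory in seen or not os.path.isdir(directory):
            continue  # duplicates, zip archives and missing paths
        seen.add(directory)
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate):
            mode = os.stat(directory).st_mode  # POSIX permission bits assumed
            findings.append({
                "position": position,
                "path": candidate,
                # Other accounts can plant or replace the file if the
                # directory is group- or world-writable.
                "dir_writable_by_others": bool(mode & (stat.S_IWGRP | stat.S_IWOTH)),
            })
    return findings


def resolved_origin(name="test"):
    """Where `import <name>` would load from, without executing the module."""
    spec = importlib.util.find_spec(name)
    return None if spec is None else spec.origin


def audit(module_dir=None):
    """Scan sys.path plus, optionally, the directory the module is installed in."""
    dirs = list(sys.path) + ([module_dir] if module_dir else [])
    return find_test_py(dirs)


if __name__ == "__main__":
    print("import test currently resolves to:", resolved_origin())
    for finding in audit():
        print(finding)
```

Run it with the same interpreter, working directory and environment as the service that loads the module, since sys.path differs between them.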

Fix

Command Injection

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-50817
GHSA-XQRQ-4MGF-FF32
SUSE-SU-2025:03028-1
SUSE-SU-2025:03029-1
SUSE-SU-2025:03038-1
SUSE-SU-2025:03049-1
SUSE-SU-2025_03028-1
SUSE-SU-2025_03029-1
SUSE-SU-2025_03038-1
SUSE-SU-2025_03049-1

Affected Products

Debian
Python-Future
Suse