PT-2025-36336 · Deepdiff · Deepdiff

Diogotcorreia · Published 2025-09-03 · Updated 2025-09-28 · CVE-2025-58367

CVSS v4.0: 10 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: DeepDiff versions 5.0.0 through 8.6.0

Description: DeepDiff is a Python project for deep difference and search of data. Versions 5.0.0 through 8.6.0 are susceptible to class pollution through the Delta class constructor. When combined with a gadget in DeltaDiff, this can lead to Denial of Service and Remote Code Execution via insecure Pickle deserialization. The gadget allows modification of deepdiff.serialization.SAFE_TO_IMPORT so that it permits dangerous classes such as posix.system, enabling execution of arbitrary Python code through user-controlled input to the Delta class.

Recommendations: Update to DeepDiff version 8.6.1 or later.
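
The following script is an added example, not part of the advisory or of the DeepDiff project: it checks whether the DeepDiff release installed in the current environment falls inside the affected range stated above (5.0.0 through 8.6.0, fixed in 8.6.1). It uses only the standard library; the version parser, the `is_affected` and `check_installed` helpers, and the conservative handling of pre-release tags are assumptions of this example rather than anything the advisory specifies.

```python
"""Check whether the installed DeepDiff release is in the range affected by
CVE-2025-58367 (5.0.0 through 8.6.0, fixed in 8.6.1).

Added example; not part of the advisory or the DeepDiff project.
Standard library only, so no dependency on the `packaging` module.
"""
from importlib import metadata
import re

# Comparable 4-tuples: (major, minor, patch, final_flag). The last element is
# 0 for a pre-release (rc/a/b/dev) and 1 for a final release, so that
# 8.6.1rc1 sorts below 8.6.1 and is still treated as affected.
AFFECTED_MIN = (5, 0, 0, 0)   # first affected release, per the advisory
FIXED_IN = (8, 6, 1, 1)       # first fixed release, per the advisory


def parse_version(text):
    """Turn '8.6.0' (or '8.6.0rc1', '8.6', '8.6.0.post1') into a 4-tuple.

    Pre-release tags are flagged so they sort below the final release; a
    release candidate of the fixed version may predate the fix, so it is
    conservatively counted as affected. Post-releases count as final.
    """
    m = re.match(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = m.groups()
    is_pre = bool(suffix) and re.match(r"^(rc|a|b|dev|\.dev)", suffix) is not None
    return (int(major), int(minor or 0), int(patch or 0), 0 if is_pre else 1)


def is_affected(version_text):
    """True if the version lies in [5.0.0, 8.6.1), the range in the advisory."""
    return AFFECTED_MIN <= parse_version(version_text) < FIXED_IN


def check_installed(dist_name="deepdiff"):
    """Return (installed_version, affected) for this environment.

    Returns (None, False) when the distribution is not installed at all.
    """
    try:
        installed = metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return None, False
    return installed, is_affected(installed)


if __name__ == "__main__":
    installed, affected = check_installed()
    if installed is None:
        print("deepdiff is not installed in this environment")
    elif affected:
        print(f"deepdiff {installed} is affected by CVE-2025-58367; "
              f"upgrade to 8.6.1 or later")
    else:
        print(f"deepdiff {installed} is outside the affected range")
```

Run it inside the virtual environment that ships the application; a dependency pinned in a lockfile can also be checked by passing the pinned string to `is_affected` directly.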

Tags: Exploit · Fix · DoS · RCE

Weakness Enumeration

Related Identifiers

CVE-2025-58367
GHSA-MW26-5G2V-HQW3
OPENSUSE-SU-2025:15536-1
SUSE-SU-2025:03127-1

Affected Products

Deepdiff