PT-2025-4387 · Python · Restrictedpython

Nico-Posada

·

Published

2025-01-23

·

Updated

2025-03-18

·

CVE-2025-22153

CVSS v3.1

7.9

High

Vector

AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions

RestrictedPython versions 6.0 through 7.x
CPython interpreter versions 3.11 through 3.13.1
Description

The issue is caused by a type confusion bug in the CPython interpreter when using try/except*. This bug allows RestrictedPython to be bypassed, potentially compromising the security of the trusted environment. The problem is resolved in version 8.0 of RestrictedPython by removing support for try/except* clauses. There are no known workarounds available.
Recommendations

For RestrictedPython versions 6.0 through 7.x, update to version 8.0 to resolve the issue. For CPython interpreter versions 3.11 through 3.13.1, consider upgrading to a release in which the type confusion bug is fixed, or avoid try/except* clauses until such a release is available. As a temporary workaround, consider disabling the use of try/except* clauses in RestrictedPython until a patch is available.
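One way to apply the interim workaround from the recommendations above, as an added example that is not part of this advisory or of the RestrictedPython project: a pre-filter that rejects untrusted source containing any try/except* clause before it reaches RestrictedPython 6.x/7.x. It uses only the standard-library tokenizer, so it runs on interpreters older than 3.11 as well; the function names and the embedded sample snippets are constructed for illustration.

```python
import io
import tokenize

# Constructed sample: untrusted code that uses try/except* (must be rejected).
UNTRUSTED_WITH_EXCEPT_STAR = """
try:
    raise ExceptionGroup("eg", [ValueError("v")])
except* ValueError:
    pass
"""

# Constructed sample: ordinary try/except (must be accepted). The "except*" in
# the comment below checks that comments and strings do not trigger a rejection.
UNTRUSTED_PLAIN = """
try:
    risky()
except ValueError:  # an except* mentioned in a comment is harmless
    pass
"""


def find_except_star(source: str) -> list:
    """Return the line numbers of every `except*` clause in `source`.

    Scans the token stream instead of the AST: the `except` NAME token
    immediately followed by a `*` OP token can only be an except* clause,
    and tokenizing (unlike ast.parse) does not require Python 3.11+.
    """
    hits = []
    previous = None
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if (previous is not None
                and previous.type == tokenize.NAME and previous.string == "except"
                and tok.type == tokenize.OP and tok.string == "*"):
            hits.append(previous.start[0])
        previous = tok
    return hits


def gate_for_restricted_python(source: str) -> bool:
    """Hypothetical gate: True only if the source has no try/except* clause.

    Intended to run before handing code to RestrictedPython 6.x/7.x on
    CPython 3.11 through 3.13.1, so the affected construct never reaches it.
    """
    return not find_except_star(source)
```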

Exploit

Fix

Type Confusion


Weakness Enumeration

Related Identifiers

CVE-2025-22153
GHSA-GMJ9-H825-CHQ2
USN-7355-1

Affected Products

CPython
Linux Mint
RestrictedPython
Ubuntu