CVE-2025-68480

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Marshmallow versions 3.0.0rc1 through 3.26.1 Marshmallow versions 4.0.0 through 4.1.1

Description Marshmallow, a library for converting complex objects to and from simple Python datatypes, contains a flaw in the Schema.load(data, many=True) method. A moderately sized request can cause excessive CPU usage, leading to a denial of service.

Recommendations Update to Marshmallow version 3.26.2 or later. Update to Marshmallow version 4.1.2 or later.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-405

Related Identifiers

CVE-2025-68480

GHSA-428G-F7CQ-PGP5

OPENSUSE-SU-2026:10003-1

OPENSUSE-SU-2026:20087-1

SUSE-SU-2026:0226-1

SUSE-SU-2026:20130-1

USN-8225-1

Affected Products

Debian

Linuxmint

Marshmallow

Ubuntu

CVE-2025-68480

Weakness Enumeration

Related Identifiers

Affected Products

References · 34