CVE-2025-56005

Name of the Vulnerable Software and Affected Versions PLY (Python Lex-Yacc) version 3.11

Description An undocumented and unsafe feature in the PLY library allows Remote Code Execution (RCE) via the picklefile parameter in the yacc() function. This parameter accepts a .pkl file that is deserialized with pickle.load() without validation. The pickle module allows execution of embedded code via reduce (), enabling an attacker to achieve code execution by providing a malicious pickle file. The parameter is not documented in official sources, yet it remains active. This introduces a potential backdoor and persistence risk, particularly in scenarios where parser tables are cached or shared, such as in CI/CD environments or network shares. The vulnerability is related to the deserialization of untrusted data, specifically through the use of the pickle module. Exploitation can lead to arbitrary code execution as the Python service user, potentially resulting in credential theft, supply-chain poisoning, and the deployment of malicious software. The yacc() function is the entry point for this issue.

Recommendations Audit all yacc.yacc() call sites and ensure the picklefile parameter cannot be set from user input, repositories, or tenant-controlled configuration. Disable parser table pickling/caching where possible, or force the cache path to a trusted, immutable location. For internet-facing parsing endpoints, block requests containing picklefile= and similar parameter injection patterns at the edge or Web Application Firewall (WAF). Monitor code and logs for picklefile usage and monitor creation/access of .pkl/pickle artifacts in parser/cache directories. Monitor Python services for suspicious child process execution, unexpected outbound traffic, and new persistence mechanisms.