CVE-2025-22153

try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter

Severity Score

7.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using `try/except*`, RestrictedPython starting in version 6.0 and prior to version 8.0 could be bypassed. The issue is patched in version 8.0 of RestrictedPython by removing support for `try/except*` clauses. No known workarounds are available.

Nakul Choudhary and Robert Xiao discovered that RestrictedPython did not properly sanitize certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Abhishek Govindarasu, Ankush Menat and Ward Theunisse discovered that RestrictedPython did not correctly handle certain format strings. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

Attack Vector

Network

Attack Complexity

High

Authentication

Multiple

Confidentiality

Complete

Integrity

Complete

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-12-30 CVE Reserved
2025-01-23 CVE Published
2025-02-12 CVE Updated
2025-04-01 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CAPEC

References (2)

URL	Tag	Source
https://github.com/zopefoundation/RestrictedPython/commit/48a92c5bb617a647cffd0dadd4d5cfe626bcdb2f	X_refsource_misc
https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-gmj9-h825-chq2	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zopefoundation Search vendor "Zopefoundation"		RestrictedPython Search vendor "Zopefoundation" for product "RestrictedPython"				>= 6.0 < 8.0 Search vendor "Zopefoundation" for product "RestrictedPython" and version " >= 6.0 < 8.0"		en		Affected