CVE-2025-22153 — Type Confusion in Restrictedpython

CWE-843 — Type Confusion7 documents5 sources

Severity

7.9HIGHNVD

OSV9.9

EPSS

0.1%

top 81.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zopefoundation Restrictedpython Debian Restrictedpython

Timeline

PublishedJan 23

Latest updateMar 18

Description

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using `try/except*`, RestrictedPython starting in version 6.0 and prior to version 8.0 could be bypassed. The issue is patched in version 8.0 of RestrictedPython by removing support for `try/except*` clauses. No known workarounds are available.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:LExploitability: 1.3 | Impact: 6.0

Affected Packages5 packages

▶debiandebian/restrictedpython< restrictedpython 8.0-1 (forky)

▶PyPIzopefoundation/restrictedpython6.0 — 8.0

▶Debianzopefoundation/restrictedpython< 8.0-1+1

▶Ubuntuzopefoundation/restrictedpython< 4.0~b3-2ubuntu0.1~esm1+2

▶CVEListV5zopefoundation/restrictedpython>= 6.0, < 8.0

🔴Vulnerability Details

OSV

restrictedpython vulnerabilities↗2025-03-18

▶

OSV

try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter↗2025-01-23

▶

GHSA

try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter↗2025-01-23

▶

OSV

CVE-2025-22153: RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment↗2025-01-23

▶

📋Vendor Advisories

Ubuntu

RestrictedPython vulnerabilities↗2025-03-18

▶

Debian

CVE-2025-22153: restrictedpython - RestrictedPython is a tool that helps to define a subset of the Python language ...↗2025

▶