cbcvebase.
CVE-2025-56005
published 2026-01-20

CVE-2025-56005: An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()`…

PriorityP273critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
16.90%
96.7th percentile
An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because `pickle` allows execution of embedded code via `__reduce__()`, an attacker can achieve code execution by passing a malicious pickle file. The parameter is not mentioned in official documentation or the GitHub repository, yet it is active in the PyPI version. This introduces a stealthy backdoor and persistence risk. NOTE: A third-party states that this vulnerability should be rejected because the proof of concept does not demonstrate arbitrary code execution and fails to complete successfully.

Affected

2 ranges
VendorProductVersion rangeFixed in
dabeazply
debianply

Detection & IOCsextracted from sources · hover to see the quote

  • Monitor for use of the undocumented `picklefile` parameter in calls to the `yacc()` function within PLY (Python Lex-Yacc) library version 3.11
  • Detect deserialization of `.pkl` files via `pickle.load()` without validation, especially when invoked from PLY's yacc module
  • Alert on pickle files containing `__reduce__()` method implementations being loaded by PLY, as this is the mechanism for embedding malicious code execution payloads
  • Investigate attack vectors that allow an attacker to supply or modify a pickle file loaded by PLY, including shared directory race conditions, configuration injection, supply chain compromise, file upload, or path traversal vulnerabilities
  • ·The vulnerable `picklefile` parameter is undocumented and only present in the PyPI-distributed version of PLY 3.11; it is not mentioned in official documentation or the GitHub repository, making it a stealthy attack surface
  • ·Exploitation is conditional: the target application must explicitly use the undocumented `picklefile` parameter AND the attacker must be able to influence which pickle file is loaded; this is not universally exploitable
  • ·A third-party disputes this CVE, stating the proof of concept does not demonstrate arbitrary code execution and fails to complete successfully
  • ·The `python-ply` package itself is marked 'Not affected' on RHEL 7, 8, 9, and 10; affected packages are downstream consumers that bundle PLY

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
vendor_debian9.8LOW
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.