CVE-2025-58367
published 2025-09-05


Priority: P2 (62)
CVSS 4.0 base score: 10.0 (critical; full vector listed under "CVSS provenance" below)
EPSS: 1.06% (60.2th percentile)
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization) exploitation. The gadget available in DeepDiff allows `deepdiff.serialization.SAFE_TO_IMPORT` to be modified to allow dangerous classes such as posix.system, and then perform insecure Pickle deserialization via the Delta class. This potentially allows any Python code to be executed, given that the input to Delta is user-controlled. Depending on the application where DeepDiff is used, this can also lead to other vulnerabilities. This is fixed in version 8.6.1.

Affected (5 ranges)

Vendor     Product    Version range                  Fixed in
debian     deepdiff   < deepdiff 8.6.1-1 (forky)     deepdiff 8.6.1-1 (forky)
seperman   deepdiff   (no range given)               (none given)
seperman   deepdiff   >= 0, < 8.6.1-1                8.6.1-1
seperman   deepdiff   >= 5.0.0, < 8.6.2              8.6.2
seperman   deepdiff   >= 5.0.0, < 8.6.1              8.6.1

Detection & IOCs (extracted from sources)

process: posix.system
  • Monitor for class pollution attempts targeting `deepdiff.serialization.SAFE_TO_IMPORT`: attacker-controlled input to the Delta class constructor can overwrite this allowlist to permit dangerous classes (e.g., posix.system) and trigger insecure Pickle deserialization leading to RCE.
  • Flag any application that passes user-controlled data directly into the DeepDiff `Delta` class constructor; this is the exploitation entry point for both DoS and RCE via insecure Pickle deserialization.
  • Audit installed DeepDiff versions across all environments; 5.0.0 through 8.6.0 is the confirmed vulnerable range. Upgrade to 8.6.1 or the patched Debian package (8.6.1-1) to remediate.
  • Exploitation requires user-controlled input to reach the Delta class constructor. Applications that do not expose Delta to untrusted input are at significantly reduced risk, but the class pollution gadget in DeltaDiff may still be reachable indirectly depending on application architecture.
  • Debian bookworm, bullseye, and trixie remain unpatched as of the advisory; only forky and sid have resolved packages (8.6.1-1). Environments running these Debian releases should treat the vulnerability as open until official package updates are available.

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             4.0       10.0    CRITICAL   CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ghsa                      10.0    CRITICAL
osv                       10.0    CRITICAL
vendor_debian             10.0    CRITICAL