Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-56005

CVE-2025-56005: Dabeaz Ply RCE Vulnerability

CVE-2025-56005 is a remote code execution flaw in Dabeaz Ply 3.11 involving unsafe pickle deserialization via the yacc() function. This article covers the technical details, affected versions, security impact, and mitigation.

Updated:

CVE-2025-56005 Overview

CVE-2025-56005 is a critical insecure deserialization vulnerability affecting the PLY (Python Lex-Yacc) library version 3.11. The vulnerability exists in an undocumented picklefile parameter within the yacc() function, which accepts a .pkl file that is deserialized using Python's pickle.load() without proper validation. Since Python's pickle module allows execution of embedded code via the __reduce__() method, an attacker can achieve Remote Code Execution (RCE) by supplying a malicious pickle file.

This vulnerability is particularly concerning because the vulnerable parameter is not mentioned in official documentation or the GitHub repository, yet remains active in the PyPI version of the library. This creates a stealthy backdoor and persistence risk for applications using PLY.

Critical Impact

Remote Code Execution via unsafe pickle deserialization in an undocumented feature, allowing attackers to execute arbitrary code on systems running affected PLY library versions. Note that the validity of this CVE is disputed, with third parties questioning whether the proof of concept successfully demonstrates arbitrary code execution.

Affected Products

  • Dabeaz PLY version 3.11
  • Applications and tools using PLY 3.11 for lexing and parsing operations
  • Python projects with PLY 3.11 as a dependency

Discovery Timeline

  • 2026-01-20 - CVE CVE-2025-56005 published to NVD
  • 2026-02-06 - Last updated in NVD database

Technical Details for CVE-2025-56005

Vulnerability Analysis

The vulnerability stems from unsafe use of Python's pickle serialization module within the PLY library's parser generation functionality. The yacc() function in PLY includes an undocumented picklefile parameter that allows users to specify a .pkl file path. When provided, this file is loaded and deserialized using pickle.load() without any validation or sanitization of the file contents.

Python's pickle module is inherently unsafe for deserializing untrusted data because pickled objects can define a __reduce__() method that specifies arbitrary code to execute during unpickling. This means any application that calls yacc() with a user-controlled or externally-provided pickle file path becomes vulnerable to code execution.

The lack of documentation for this parameter adds an additional layer of concern, as developers may be unaware of this attack surface. Security teams auditing PLY-dependent applications would have difficulty identifying this risk without inspecting the library's source code directly.

Root Cause

The root cause is the unsafe deserialization of pickle data (CWE-502: Deserialization of Untrusted Data). The PLY library directly uses pickle.load() to deserialize parser table data from user-specified file paths without implementing any safeguards such as cryptographic integrity verification, allowlist-based object filtering, or using safer serialization alternatives.

Attack Vector

The attack can be executed over the network in scenarios where:

  1. An application using PLY allows external input to influence the picklefile parameter path
  2. An attacker can place a malicious pickle file on a path accessible to the target application
  3. File upload functionality exists that could be leveraged to plant the malicious pickle file

The exploitation process involves crafting a malicious pickle file that, when deserialized, invokes the __reduce__() method to execute attacker-controlled commands. Once the application calls yacc() with the path to this malicious file, arbitrary code execution occurs with the privileges of the running process.

For technical analysis of the vulnerability mechanism, refer to the GitHub PoC Repository and Openwall OSS Security discussions for detailed information. Note that the validity of this vulnerability is disputed by third parties, as documented in the ply exploit rejection repository.

Detection Methods for CVE-2025-56005

Indicators of Compromise

  • Unexpected .pkl files appearing in application directories or temporary folders
  • Process spawning or network connections originating from Python applications using PLY
  • Unusual file access patterns to pickle files by Python processes
  • System modifications or persistence mechanisms established after PLY library operations

Detection Strategies

  • Monitor for calls to yacc() function with the picklefile parameter in application logs
  • Implement file integrity monitoring on directories where PLY parser tables may be stored
  • Analyze Python application behavior for unexpected subprocess creation or network activity
  • Deploy endpoint detection to identify pickle deserialization followed by suspicious command execution

Monitoring Recommendations

  • Enable logging for file operations targeting .pkl files in application directories
  • Configure alerts for unusual process chains originating from Python interpreters
  • Implement application-level monitoring for PLY library function calls with external file parameters
  • Review dependency chains to identify all applications using PLY 3.11

How to Mitigate CVE-2025-56005

Immediate Actions Required

  • Audit all applications using PLY library to identify usage of the picklefile parameter
  • Ensure no user-controlled input can influence file paths passed to yacc()
  • Consider removing or replacing PLY 3.11 in production environments until a patched version is available
  • Implement strict file path validation if pickle file parameters must be used

Patch Information

As of the last update on 2026-02-06, no official patch has been released for this vulnerability. Organizations should monitor the Dabeaz PLY GitHub repository and PyPI for security updates. Note that the validity of this CVE is disputed, and users should review the GitHub Issue Tracker and Openwall security discussions for the latest information on this dispute.

Workarounds

  • Avoid using the picklefile parameter in yacc() calls entirely
  • If pickle files must be used, ensure they are generated locally and protected with strict file permissions
  • Implement input validation to reject any external or user-controlled file paths for parser operations
  • Consider using alternative parsing libraries that do not rely on pickle serialization
bash
# Verify PLY version in your environment
pip show ply | grep -E "^(Name|Version):"

# Search for potentially vulnerable yacc() calls with picklefile parameter
grep -r "yacc.*picklefile" --include="*.py" /path/to/application

# Check for suspicious .pkl files in common directories
find /var/www /opt /home -name "*.pkl" -type f -ls 2>/dev/null

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.