CVE-2025-61774 Overview
CVE-2025-61774 is a critical remote code execution vulnerability affecting PyVista, a popular 3D plotting and mesh analysis library that provides an interface for the Visualization Toolkit (VTK). Version 0.46.3 of the PyVista Project is vulnerable to dependency confusion, a supply chain attack vector that allows attackers to execute arbitrary code by exploiting misconfigurations in package installation.
The vulnerability stems from the use of --extra-index-url in pip installation commands within the project's build scripts. When this flag is used, pip checks PyPI before consulting the external index. An attacker can exploit this behavior by publishing a malicious package with a higher version number on PyPI for a package name that exists only on the private/external index, causing pip to pull the attacker-controlled package instead.
Critical Impact
This vulnerability enables remote code execution through supply chain compromise, potentially affecting all developers and CI/CD pipelines that build PyVista from source or use its development containers.
Affected Products
- PyVista version 0.46.3
- PyVista development containers using oncreatecommand.sh
- PyVista Docker images built from slim.Dockerfile
Discovery Timeline
- 2025-10-06 - CVE-2025-61774 published to NVD
- 2025-10-08 - Last updated in NVD database
Technical Details for CVE-2025-61774
Vulnerability Analysis
This vulnerability is classified as CWE-94 (Improper Control of Generation of Code), specifically manifesting as a dependency confusion attack. The root issue lies in how pip resolves package dependencies when multiple package indexes are configured.
In PyVista's build infrastructure, the --extra-index-url flag is used to specify an additional package index. However, this configuration creates a security gap: pip will check PyPI (the public Python Package Index) first, before checking the specified extra index URL. If an internal or private package name is not registered on PyPI, an attacker can register that name on PyPI with a high version number.
When pip encounters this situation, it will prefer the package from PyPI (due to the higher version number) over the intended package from the private index, resulting in the installation and execution of attacker-controlled code during the build process.
Root Cause
The vulnerability originates from insecure pip configuration in two locations within the PyVista repository:
- The development container setup script at .devcontainer/offscreen/oncreatecommand.sh (line 4)
- The Docker build file at docker/slim.Dockerfile (line 13)
Both files use --extra-index-url without proper safeguards. The secure alternative would be to use --index-url to completely replace the default PyPI index, or to use hash verification and pinned versions. Additionally, packages referenced in these scripts were not registered on PyPI, leaving the namespace open for malicious registration.
Attack Vector
The attack is network-based and requires no authentication or user interaction. An attacker exploits this vulnerability through the following mechanism:
- The attacker identifies an unpublished package name used in PyVista's build scripts that references a private package index
- The attacker creates a malicious Python package with the same name and registers it on PyPI with a high version number (e.g., 999.0.0)
- When a developer or CI/CD pipeline builds PyVista, pip installs the malicious package from PyPI
- Malicious code in the package's setup.py or package initialization executes during installation or import
The attack is particularly dangerous because it targets the software supply chain, potentially compromising any system that builds or installs the affected PyVista version.
Detection Methods for CVE-2025-61774
Indicators of Compromise
- Unexpected network connections to unknown package hosting servers during pip install operations
- Unusual packages appearing in pip list output that were not explicitly installed
- Modified or unexpected files in Python site-packages directories after PyVista installation
- Anomalous process execution spawned from Python pip install or package import operations
Detection Strategies
- Audit pip installation logs for packages sourced from unexpected indexes during PyVista builds
- Monitor for new packages registered on PyPI that match internal or private package names used in your organization
- Implement software composition analysis (SCA) tools to verify package integrity and provenance
- Review build artifacts and Docker images for unauthorized package installations
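One way to audit where a build's packages were actually sourced is pip's JSON installation report (pip install --dry-run --ignore-installed --report report.json -r requirements.txt) checked against a per-package host policy. The following is an added example, not code from the PyVista project; the package names internal-pkg and other-internal, the host private-index.example, and the report contents are constructed placeholders.

```python
import json
import re
from urllib.parse import urlparse

# Constructed report in the shape pip writes with --report; every value is made up.
SAMPLE_REPORT = json.loads("""
{"version": "1", "install": [
  {"metadata": {"name": "Internal_Pkg", "version": "999.0.0"},
   "download_info": {"url": "https://files.pythonhosted.org/packages/aa/bb/internal_pkg-999.0.0.tar.gz",
                     "archive_info": {"hashes": {"sha256": "constructed-digest"}}}},
  {"metadata": {"name": "numpy", "version": "2.1.0"},
   "download_info": {"url": "https://files.pythonhosted.org/packages/cc/dd/numpy-2.1.0-py3-none-any.whl",
                     "archive_info": {"hashes": {"sha256": "constructed-digest"}}}},
  {"metadata": {"name": "other-internal", "version": "1.4.2"},
   "download_info": {"url": "https://private-index.example/packages/other_internal-1.4.2-py3-none-any.whl",
                     "archive_info": {}}}
]}
""")


def normalize(name):
    """PEP 503 name normalization, so Internal_Pkg and internal-pkg compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def check_report(report, private_names, private_host, public_hosts=("files.pythonhosted.org",)):
    """Return (package, version, host, reason) for every resolution that breaks the policy."""
    private = {normalize(n) for n in private_names}
    violations = []
    for item in report.get("install", []):
        name = normalize(item["metadata"]["name"])
        version = item["metadata"]["version"]
        info = item.get("download_info", {})
        host = urlparse(info.get("url", "")).hostname or ""
        archive = info.get("archive_info", {})
        if name in private and host != private_host:
            violations.append((name, version, host, "private name resolved from another index"))
        elif name not in private and host not in public_hosts:
            violations.append((name, version, host, "unexpected download host"))
        if not (archive.get("hashes") or archive.get("hash")):
            violations.append((name, version, host, "no archive hash recorded"))
    return violations


if __name__ == "__main__":
    for v in check_report(SAMPLE_REPORT, ["internal-pkg", "other-internal"], "private-index.example"):
        print(v)
```

Run against a real report in CI, a non-empty result is a reason to fail the build before anything is installed.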
Monitoring Recommendations
- Enable verbose pip logging (pip install -v) and archive logs for security review
- Implement network monitoring to detect unexpected outbound connections during build processes
- Configure alerts for changes to Python package installations in production environments
- Use package lockfiles with hash verification to detect unexpected package substitutions
How to Mitigate CVE-2025-61774
Immediate Actions Required
- Avoid using PyVista version 0.46.3 development containers and Docker builds until a patch is available
- Audit all pip configurations in your projects for use of --extra-index-url without proper safeguards
- Register placeholder packages on PyPI for any internal package names to prevent namespace hijacking
- Use --index-url instead of --extra-index-url when possible to avoid dual-index resolution issues
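The audit of pip configurations described above can be automated with a small scanner. This is an added example, not code from the PyVista project; it flags every place a second index is introduced (command-line flag, PIP_EXTRA_INDEX_URL, or a pip.conf key) and records whether the same command requires hashes. The sample input, index URL and package name are constructed placeholders.

```python
import re
from pathlib import Path

# pip can be handed a second index by CLI flag, environment variable or pip.conf key.
EXTRA_INDEX = re.compile(
    r"--extra-index-url(?:[=\s]|$)|\bPIP_EXTRA_INDEX_URL\b|^\s*extra-index-url\s*[=:]", re.I)
# Lower-cased name endings of files that usually hold pip commands or settings.
SUFFIXES = ("dockerfile", ".sh", ".txt", ".conf", ".cfg", ".ini", ".yml", ".yaml")
# Constructed sample; the index URL and package name are placeholders.
SAMPLE = "\n".join([
    "RUN pip install --no-cache-dir \\",
    "    --extra-index-url https://private-index.example/simple/ \\",
    "    internal-pkg",
    "# pip install --extra-index-url https://old.example/simple/ foo",
    "RUN pip install --index-url https://private-index.example/simple/ -r requirements.txt",
])

def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations joined."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        start = number if start is None else start
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def scan_text(text):
    """Return one finding per non-comment command or setting that adds an extra index."""
    findings = []
    for number, line in logical_lines(text):
        if line.lstrip().startswith("#") or not EXTRA_INDEX.search(line):
            continue
        findings.append({"line": number, "require_hashes": "--require-hashes" in line,
                         "text": " ".join(line.split())})
    return findings

def scan_tree(root):
    """Scan likely build files under root and return {path: findings} for files with hits."""
    files = (p for p in Path(root).rglob("*") if p.is_file() and p.name.lower().endswith(SUFFIXES))
    found = {str(p): scan_text(p.read_text(errors="replace")) for p in files}
    return {path: hits for path, hits in found.items() if hits}

if __name__ == "__main__":
    print(scan_text(SAMPLE))
```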
Patch Information
As of the publication date, a patched version of PyVista is unavailable. The PyVista project has acknowledged the vulnerability in their GitHub Security Advisory. A commit addressing this issue has been made to the repository.
Organizations using PyVista should monitor the official repository for security updates and apply patches immediately when released.
Workarounds
- Replace --extra-index-url with --index-url in build scripts to prevent PyPI fallback behavior
- Implement hash verification in requirements.txt using the --require-hashes flag
- Use a private PyPI mirror or proxy that filters external packages
- Pin exact package versions and verify checksums before installation
# Secure pip configuration example
# Use --index-url instead of --extra-index-url to prevent dependency confusion
pip install --index-url https://your-private-index.example.com/simple/ \
    --require-hashes \
    -r requirements.txt

# Alternative: use pip.conf to set the index (create the directory first)
# No trusted-host entry: that option makes pip accept the host without valid HTTPS
mkdir -p ~/.pip
cat > ~/.pip/pip.conf << EOF
[global]
index-url = https://your-private-index.example.com/simple/
EOF

