Cyber Resilience

CVE-2025-22153

Severity: High
Published: 23 January 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: available (RestrictedPython 8.0)
CVSS v3.1 score: 7.9 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L)
EPSS score: 0.0005 (15.5th percentile)
Risk Priority: 16 (weighting 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-22153 is a high-severity type confusion (CWE-843) vulnerability: a CPython interpreter bug in the handling of `try/except*` lets code submitted to the RestrictedPython sandbox escape its restrictions. Its CVSS v3.1 base score is 7.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Python (T1059.006). EPSS ranks it at the 15.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-22153 is a type confusion vulnerability stemming from a bug in the CPython interpreter, versions 3.11 through 3.13.1, specifically in its handling of `try/except*` clauses. RestrictedPython is a library that compiles a restricted subset of the Python language so that untrusted program input can be executed inside a trusted environment; the CPython flaw allows code that uses `try/except*` to bypass those restrictions. The issue affects RestrictedPython versions from 6.0 up to but not including 8.0 when run on the vulnerable CPython range, and is classified under CWE-843 (Type Confusion).

Exploitation requires high privileges (PR:H) and high attack complexity (AC:H), but can occur over the network (AV:N) with no user interaction (UI:N). A successful attack changes scope (S:C): RestrictedPython executes restricted code in the same process as the host application, so code that evades the restrictions operates outside the sandbox's intended boundary, yielding high confidentiality and integrity impact (C:H/I:H) and low availability impact (A:L), for an overall CVSS v3.1 score of 7.9. Note what "high privileges" means here: the attacker must already be able to submit code to the restricted interpreter. In deployments whose whole purpose is to run scripts supplied by less-trusted users, that precondition is met by design, so the effective risk in such deployments is higher than the base score alone suggests. An attacker with that access could craft Python code using `try/except*` that evades RestrictedPython's restrictions and performs operations the sandbox was meant to forbid.

The vulnerability is addressed in RestrictedPython version 8.0, which patches the issue by removing support for `try/except*` clauses entirely, so restricted code that uses them is rejected rather than compiled. No workarounds are known. Details are provided in the RestrictedPython security advisory (GHSA-gmj9-h825-chq2) and the patching commit (48a92c5bb617a647cffd0dadd4d5cfe626bcdb2f).
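The fix described above is a policy decision at compile time: a syntactic construct the interpreter cannot be trusted to handle safely is refused before any code runs. The block below is an added example, not code from RestrictedPython or from the advisory, showing how such a deny rule looks when written against the standard `ast` module. The policy, the function names (`find_denied_nodes`, `compile_guarded`, `is_rejected`) and the sample sources are all constructed for this illustration; on interpreters older than 3.11 the `except*` syntax does not parse at all, and the checker reports that as a violation too so callers get the same answer shape everywhere.

```python
import ast

# Constructed sample inputs for this added example (not from the advisory).
BENIGN_SOURCE = """
total = 0
for value in (1, 2, 3):
    try:
        total += value
    except ValueError:
        pass
result = total
"""

TRYSTAR_SOURCE = """
try:
    raise ExceptionGroup("eg", [ValueError("v")])
except* ValueError:
    pass
"""

# Node types this hypothetical policy refuses to compile. ast.TryStar only
# exists on CPython 3.11+; on older interpreters the syntax cannot parse, so
# the name is looked up defensively instead of referenced directly.
DENIED_NODE_TYPES = tuple(
    t for t in (getattr(ast, "TryStar", None),) if t is not None
)


def find_denied_nodes(source: str) -> list[str]:
    """Return human-readable violations found in `source`.

    An empty list means the source passed the policy. A SyntaxError is
    reported as a violation rather than raised, so a caller sees one
    consistent result type regardless of interpreter version.
    """
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"line {exc.lineno}: syntax not accepted: {exc.msg}"]
    violations = []
    for node in ast.walk(tree):
        if DENIED_NODE_TYPES and isinstance(node, DENIED_NODE_TYPES):
            violations.append(
                f"line {node.lineno}: {type(node).__name__} is not allowed"
            )
    return violations


def is_rejected(source: str) -> bool:
    """True if the policy would refuse to compile `source`."""
    return bool(find_denied_nodes(source))


def compile_guarded(source: str, filename: str = "<untrusted>"):
    """Compile `source` with the built-in compiler only if the policy passes.

    This is the shape of the fix: deny the construct up front rather than
    trying to make the interpreter's handling of it safe after the fact.
    """
    violations = find_denied_nodes(source)
    if violations:
        raise SyntaxError("; ".join(violations))
    return compile(source, filename, "exec")


if __name__ == "__main__":
    print("benign:", find_denied_nodes(BENIGN_SOURCE))
    print("try/except*:", find_denied_nodes(TRYSTAR_SOURCE))
```

The walk is deliberately a deny-list over a single node type so the mechanism is visible; a real restricted compiler would instead allow-list the node types it has audited and reject everything else, which is what protects against constructs added to the grammar after the policy was written.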


Vulnerability details

RestrictedPython is a tool that helps to define a subset of the Python language which allows providing a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using `try/except*`, RestrictedPython starting in version 6.0 and prior to version 8.0 could be bypassed. The issue is patched in version 8.0 of RestrictedPython by removing support for `try/except*` clauses. No known workarounds are available.

CWE(s)

CWE-843 Type Confusion

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1059.006 Python (tactic: Execution)
Adversaries may abuse Python commands and scripts for execution.

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The type confusion flaw lets an attacker run Python code that the RestrictedPython sandbox was meant to block (T1059.006). Because the escaped code operates outside the sandbox boundary, in the process that hosts the interpreter, the bypass also elevates the attacker from the restricted subset to the host's capabilities, which is the scope change and high confidentiality/integrity impact reflected in the CVSS vector (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7914 (shared CWE-843)
CVE-2024-40676 (shared CWE-843)
CVE-2026-27144 (shared CWE-843)
CVE-2026-9117 (shared CWE-843)
CVE-2026-26162 (shared CWE-843)
CVE-2026-21519 (shared CWE-843)
CVE-2026-20860 (shared CWE-843)
CVE-2025-0147 (shared CWE-843)
CVE-2026-35417 (shared CWE-843)
CVE-2026-34344 (shared CWE-843)

Affected Assets

RestrictedPython 6.0 up to but not including 8.0, when running on CPython 3.11 through 3.13.1. RestrictedPython 8.0 or later, or CPython 3.13.2 or later, is not affected.

Mitigating Controls (NIST 800-53 r5) [AI]

SI-2 Flaw Remediation (prevent)
Requires timely identification, reporting, and correction of the type confusion flaw by upgrading RestrictedPython (to v8.0) and CPython (to 3.13.2 or later), directly eliminating the sandbox bypass.

RA-5 Vulnerability Monitoring and Scanning (prevent, detect)
Mandates vulnerability scanning to identify systems running vulnerable RestrictedPython (6.0 up to but not including 8.0) together with vulnerable CPython (3.11 through 3.13.1), followed by risk-based remediation to prevent exploitation.

Third control (identifier not captured on this page) (prevent)
Restricts installation and execution to approved, non-vulnerable versions of RestrictedPython and CPython, preventing deployment of affected software components.
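Because the exposure depends on two version ranges at once (RestrictedPython and the CPython it runs on), a scanner that checks only one of them over-reports. The block below is an added example, not tooling from the page or from the RestrictedPython project: it encodes the affected ranges stated above and runs them over a constructed inventory of hosts. The inventory rows, host names and function names are all assumptions made for this illustration; the version parser is deliberately minimal and does not understand pre-release suffixes.

```python
# Affected ranges as stated on this page (CVE-2025-22153).
RP_MIN = (6, 0)        # RestrictedPython >= 6.0 ...
RP_FIXED = (8, 0)      # ... and < 8.0
PY_MIN = (3, 11)       # CPython >= 3.11 ...
PY_FIXED = (3, 13, 2)  # ... and < 3.13.2


def parse_version(text: str) -> tuple[int, ...]:
    """Turn a dotted release string ('3.13.1', '7.4') into a comparable tuple.

    Missing trailing components compare as zero, so '3.13' < (3, 13, 2).
    Pre-release suffixes (e.g. '3.13.2rc1') are not handled by this example.
    """
    return tuple(int(part) for part in text.strip().split("."))


def is_vulnerable_combo(rp_version: str, py_version: str) -> bool:
    """True only when BOTH ranges match: a patched interpreter or a patched
    RestrictedPython on its own is enough to close the bypass."""
    rp = parse_version(rp_version)
    py = parse_version(py_version)
    return RP_MIN <= rp < RP_FIXED and PY_MIN <= py < PY_FIXED


# Constructed inventory for this added example: host, CPython, RestrictedPython.
INVENTORY = """\
app-01,3.13.1,7.4
app-02,3.13.2,7.4
app-03,3.12.8,8.0
app-04,3.10.14,7.0
app-05,3.11.9,6.2
"""


def vulnerable_hosts(inventory_csv: str) -> list[str]:
    """Return the hosts whose (RestrictedPython, CPython) pair is exposed."""
    exposed = []
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, py, rp = (field.strip() for field in line.split(","))
        if is_vulnerable_combo(rp, py):
            exposed.append(host)
    return exposed


if __name__ == "__main__":
    print("exposed hosts:", vulnerable_hosts(INVENTORY))
```

In the constructed inventory only app-01 (CPython 3.13.1 with RestrictedPython 7.4) and app-05 (3.11.9 with 6.2) are flagged: app-02 is saved by the interpreter fix, app-03 by RestrictedPython 8.0, and app-04 is on a CPython release before the bug was introduced. The same two-factor check is what a remediation ticket should cite, since either upgrade closes the issue.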

References

RestrictedPython security advisory GHSA-gmj9-h825-chq2
RestrictedPython patching commit 48a92c5bb617a647cffd0dadd4d5cfe626bcdb2f