Cyber Resilience

CVE-2025-24359

Severity: High
Published: 24 January 2025
Modified: 15 April 2026
KEV added: not listed
Patch: available (ASTEVAL 1.0.6)
CVSS v3.1 score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0003 (9.6th percentile)
Risk priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-24359 is a high-severity Use of Externally-Controlled Format String (CWE-134) vulnerability attributed to Pocoo (vendor inferred from references; the affected library is ASTEVAL, as described below). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Python (T1059.006). EPSS ranks it at the 9.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-24359 is a high-severity vulnerability (CVSS 8.4) in the ASTEVAL library, a Python expression and statement evaluator, affecting versions prior to 1.0.6. The issue stems from improper handling of FormattedValue AST nodes in the on_formattedvalue method, which invokes the str class's format method insecurely via fmt.format(__fstring__=val). This allows attackers controlling input to asteval to manipulate the format string, bypass the library's sandbox restrictions, and execute arbitrary Python code within the host application's context. It is associated with CWE-134 (Use of Externally-Controlled Format String) and CWE-749 (Exposed Dangerous Method or Function).

An attacker with the ability to supply input to an application using asteval can exploit this locally (AV:L) with low complexity (AC:L) and no privileges (PR:N), requiring no user interaction (UI:N). By crafting input that triggers an AttributeError exception during formatting, the attacker can catch the exception and access its obj attribute, enabling arbitrary read/write access to protected object properties and full code execution in the application's security context, with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

The GitHub security advisory (GHSA-3wwr-3g9f-9gc7) and affected code confirm that upgrading to version 1.0.6 resolves the issue by addressing the insecure format handling. Additional context on str.format risks is provided in a 2016 blog post by Armin Ronacher.

EU & UK References

Vulnerability details

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is rooted in how `asteval` handles `FormattedValue` AST nodes. In particular, the `on_formattedvalue` method uses the dangerous `format` method of the `str` class. The code allows an attacker to manipulate the value of the string used in the dangerous call `fmt.format(__fstring__=val)`. This vulnerability can be exploited to access protected attributes by intentionally triggering an `AttributeError` exception. The attacker can then catch the exception and use its `obj` attribute to gain arbitrary access to sensitive or protected object properties. Version 1.0.6 fixes this issue.

CWE(s)

CWE-134 Use of Externally-Controlled Format String
CWE-749 Exposed Dangerous Method or Function

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1059.006 Python (Execution)
Adversaries may abuse Python commands and scripts for execution.

Rationale: the vulnerability enables arbitrary Python code execution by bypassing ASTEVAL sandbox restrictions via insecure format string handling, directly mapping to T1059.006.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-64157 (shared CWE-134)
CVE-2024-13242 (shared CWE-749)
CVE-2025-47366 (shared CWE-749)
CVE-2026-30957 (shared CWE-749)
CVE-2025-40600 (shared CWE-134)
CVE-2026-3509 (shared CWE-134)
CVE-2026-33210 (shared CWE-134)
CVE-2026-22190 (shared CWE-134)
CVE-2025-53964 (shared CWE-749)
CVE-2024-45324 (shared CWE-134)

Affected Assets

Pocoo
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls (NIST 800-53 r5, AI-assigned)

Prevent: SI-2 (Flaw Remediation)
Mandates timely remediation of flaws by patching ASTEVAL to version 1.0.6 or later, directly eliminating the insecure FormattedValue handling that enables arbitrary code execution.

Prevent: SI-10 (Information Input Validation)
Enforces validation of attacker-controlled inputs to the asteval library, blocking malicious format strings and FormattedValue AST nodes that bypass sandbox restrictions.

Detect
Vulnerability scanning identifies systems using vulnerable ASTEVAL versions prior to 1.0.6, enabling proactive remediation before exploitation.

References