Cyber Resilience

CVE-2025-56005

CriticalPublic PoCRCEUpdated

Published: 20 January 2026

Published
20 January 2026
Modified
30 June 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1865 96.9th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-56005 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Dabeaz Ply. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 3.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-56005 is an undocumented feature in the PLY (Python Lex-Yacc) library version 3.11 that enables remote code execution through the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file, which is deserialized using `pickle.load()` without any validation. Since Python's `pickle` module permits code execution via the `__reduce__()` method, a malicious `.pkl` file can trigger arbitrary code execution. The parameter is not referenced in official documentation or the project's GitHub repository but remains active in the PyPI-distributed version, posing a stealthy backdoor and persistence risk. The vulnerability, published on 2026-01-20, carries a CVSS v3.1 score of 9.8 and is classified under CWE-502 (Deserialization of Untrusted Data).

A remote attacker can exploit this vulnerability by supplying a crafted `.pkl` file to the `picklefile` parameter when the `yacc()` function is invoked, requiring no privileges, user interaction, or special access (AV:N/AC:L/PR:N/UI:N). Successful exploitation leads to high-impact confidentiality, integrity, and availability violations (C:H/I:H/A:H), allowing full remote code execution on the target system running affected PLY code.

References indicate significant controversy regarding the vulnerability's validity, with no official patches or mitigations detailed. A proof-of-concept is provided in repositories like https://github.com/bohmiiidd/Undocumented-RCE-in-PLY and https://github.com/bohmiiidd/Undocumument_RCE_PLY-yacc-CVE-2025-56005, but a third-party analysis at https://github.com/tom025/ply_exploit_rejection and https://github.com/tom025/ply_exploit_rejection/issues/1 argues for rejection, stating the PoC fails to demonstrate arbitrary code execution. An oss-security mailing list discussion at http://www.openwall.com/lists/oss-security/2026/01/23/4 further highlights this debate. Practitioners should avoid the `picklefile` parameter and monitor for updates from PLY maintainers.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because `pickle`…

more

allows execution of embedded code via `__reduce__()`, an attacker can achieve code execution by passing a malicious pickle file. The parameter is not mentioned in official documentation or the GitHub repository, yet it is active in the PyPI version. This introduces a stealthy backdoor and persistence risk. NOTE: A third-party states that this vulnerability should be rejected because the proof of concept does not demonstrate arbitrary code execution and fails to complete successfully.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

Vulnerability enables unauthenticated remote code execution through unsafe pickle deserialization in Python PLY library's yacc() function, facilitating T1190 for public-facing app exploitation and T1059.006 for Python code execution; medium confidence due to reported controversy over PoC validity.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-50460Shared CWE-502
CVE-2026-24186Shared CWE-502
CVE-2025-27780Shared CWE-502
CVE-2026-31234Shared CWE-502
CVE-2025-23045Shared CWE-502
CVE-2026-31072Shared CWE-502
CVE-2024-9701Shared CWE-502
CVE-2026-26210Shared CWE-502
CVE-2025-27781Shared CWE-502
CVE-2025-2000Shared CWE-502

Affected Assets

dabeaz
ply
3.11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates risk-based remediation of identified flaws like the unsafe deserialization in PLY 3.11 to eliminate the RCE vulnerability.

prevent

Requires validation of untrusted inputs such as the picklefile parameter prior to deserialization to block malicious pickle data execution.

prevent

Enforces least functionality by restricting or prohibiting unsafe undocumented features like the picklefile parameter in the yacc function.

References