CVE-2024-50636
📋 TL;DR
PyMOL 2.5.0 contains a critical vulnerability in its 'Run Script' function that allows arbitrary Python code execution via malicious .PYM files. Attackers can achieve Remote Command Execution (RCE) by tricking users into opening crafted files, potentially compromising systems running vulnerable PyMOL instances. This affects all users of PyMOL 2.5.0 who process untrusted .PYM files.
💻 Affected Systems
- PyMOL
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via a reverse shell payload, allowing an attacker to execute arbitrary commands, steal data, install malware, and pivot to other systems.
Likely Case
Local privilege escalation or malware installation when users open malicious .PYM files from untrusted sources.
If Mitigated
Limited impact if users only open trusted .PYM files and the system has proper network segmentation.
🎯 Exploit Status
Exploit requires user to open malicious .PYM file. Public proof-of-concept demonstrates reverse shell payload.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.0
Vendor Advisory: https://github.com/schrodinger/pymol-open-source/issues/405
Restart Required: Yes
Instructions:
1. Download PyMOL 2.6.0 or later from official sources.
2. Uninstall the previous version.
3. Install the new version.
4. Restart the system.
🔧 Temporary Workarounds
Disable .PYM file association
Platform: all. Remove the file association for .PYM files to prevent automatic execution in PyMOL
Windows: assoc .pym=
Linux: Remove .pym MIME type associations
Restrict script execution
Platform: all. Configure PyMOL to disable script execution or run it in a sandboxed environment
Run PyMOL with --no-script flag if supported
🧯 If You Can't Patch
- Implement strict file handling policies: only open .PYM files from trusted sources
- Use application whitelisting to restrict PyMOL execution to specific directories
🔍 How to Verify
Check if Vulnerable:
Check PyMOL version: Open PyMOL and look at the version in the title bar, or use 'help about'
Check Version:
pymol --version (Linux/macOS) or check About dialog (Windows)
Verify Fix Applied:
Verify PyMOL version is 2.6.0 or higher
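The version check above, as an added example that is not part of this advisory or of the PyMOL project: it parses the x.y[.z] number out of a version banner and compares it with the first fixed release (2.6.0) listed under Official Fix. The exact wording of the `pymol --version` banner and the `SAMPLE_BANNER` string are assumptions; only the number is parsed.

```python
import re
import shutil
import subprocess

# First release the advisory lists as fixed (Patch Version above).
FIXED_VERSION = (2, 6, 0)

# Constructed stand-in for the banner `pymol --version` prints; the exact
# wording of the real banner is an assumption, only the number is parsed.
SAMPLE_BANNER = "PyMOL 2.5.0 Open-Source"


def parse_version(text):
    """Return (major, minor, patch) from the first x.y[.z] number in text."""
    match = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if match is None:
        raise ValueError("no version number found in %r" % text)
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable(text):
    """True when the parsed version is older than the first fixed release."""
    return parse_version(text) < FIXED_VERSION


def installed_version_banner():
    """Run `pymol --version` if a pymol binary is on PATH, else return None."""
    exe = shutil.which("pymol")
    if exe is None:
        return None
    proc = subprocess.run([exe, "--version"], capture_output=True,
                          text=True, timeout=30)
    return (proc.stdout + proc.stderr).strip()


if __name__ == "__main__":
    banner = installed_version_banner()
    if banner is None:
        print("pymol not found on PATH; checking the constructed sample instead")
        banner = SAMPLE_BANNER
    version = parse_version(banner)
    status = "VULNERABLE (below 2.6.0)" if is_vulnerable(banner) else "fixed"
    print("PyMOL %d.%d.%d: %s" % (version + (status,)))
```

On Windows, where the page points to the About dialog, the same `parse_version` can be fed the title-bar or About text instead of a command-line banner.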
📡 Detection & Monitoring
Log Indicators:
- PyMOL executing unexpected Python commands
- Network connections from PyMOL process to unusual destinations
Network Indicators:
- Outbound connections from PyMOL process on non-standard ports
- Reverse shell traffic patterns
SIEM Query (pseudo-syntax; adapt field names and operators to your SIEM):
process_name:pymol AND (command_line:*python* OR (network_connection:*:* AND NOT destination_port:(80 OR 443)))
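The detection logic of the SIEM query above, run over sample telemetry, as an added example that is not from this advisory or from the PyMOL project. The event shape (`ProcessEvent`), the field names and the sample records are constructed; the 203.0.113.0/24 addresses are the IPv4 documentation range.

```python
from dataclasses import dataclass
from typing import List, Optional

# Ports the page's query excludes as ordinary web traffic.
WEB_PORTS = {80, 443}


@dataclass
class ProcessEvent:
    """One endpoint telemetry record (process start or network connection); constructed shape."""
    process_name: str
    command_line: str = ""
    dest_ip: Optional[str] = None
    dest_port: Optional[int] = None


def match_reasons(ev):
    """Return the indicators from the page that this event triggers (empty if none)."""
    reasons = []
    if "pymol" not in ev.process_name.lower():
        return reasons  # rule only applies to the PyMOL process
    if "python" in ev.command_line.lower():
        reasons.append("python in PyMOL command line")
    if ev.dest_port is not None and ev.dest_port not in WEB_PORTS:
        reasons.append("PyMOL outbound connection to non-web port %d" % ev.dest_port)
    return reasons


def find_suspicious(events):
    """Filter events to those matching the rule, each paired with its reasons."""
    hits = []
    for ev in events:
        reasons = match_reasons(ev)
        if reasons:
            hits.append((ev, reasons))
    return hits


# Constructed telemetry: two benign PyMOL events, two that trip the rule, one non-PyMOL event.
SAMPLE_EVENTS = [
    ProcessEvent("pymol", "pymol protein.pse"),                                          # normal start
    ProcessEvent("pymol.exe", "pymol.exe", dest_ip="203.0.113.5", dest_port=443),        # HTTPS, excluded
    ProcessEvent("pymol", "pymol -c load.pym", dest_ip="203.0.113.9", dest_port=8081),   # non-web port
    ProcessEvent("pymol", "pymol -d python"),                                            # python in cmdline
    ProcessEvent("chrome.exe", "chrome.exe", dest_ip="203.0.113.7", dest_port=8443),     # not PyMOL
]

if __name__ == "__main__":
    for ev, reasons in find_suspicious(SAMPLE_EVENTS):
        print(ev.process_name, ev.command_line, "->", "; ".join(reasons))
```

The rule is deliberately coarse: PyMOL is itself a Python application, so a match on the command line or on an unusual port is a lead to triage against your baseline of normal PyMOL behaviour, not a confirmed compromise.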