CVE-2025-56005

9.8 CRITICAL

📋 TL;DR

CVE-2025-56005 is a critical vulnerability in the PLY (Python Lex-Yacc) library that allows remote code execution via an undocumented 'picklefile' parameter in the yacc() function. Attackers can achieve arbitrary code execution by providing a malicious pickle file that gets deserialized without validation. This affects any Python application using PLY 3.11 for parsing tasks.

💻 Affected Systems

Products:
  • PLY (Python Lex-Yacc)
Versions: 3.11
Operating Systems: All operating systems running Python
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using the yacc() function with the undocumented picklefile parameter. The vulnerability exists in the PyPI distribution but not necessarily in all source versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the affected system, data exfiltration, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Remote code execution leading to application compromise, data theft, and potential privilege escalation depending on the application's permissions.

🟢 If Mitigated

Limited impact with proper input validation and network segmentation, potentially only affecting the specific application instance.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the attacker to provide a malicious pickle file to the vulnerable parameter. Public proof-of-concept code is available in GitHub repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check if your application uses PLY 3.11
2. Monitor official PLY repositories for security updates
3. Consider downgrading to a previous version if compatible
4. Apply workarounds immediately

🔧 Temporary Workarounds

Remove picklefile parameter usage

all

Audit and remove any usage of the undocumented picklefile parameter in yacc() function calls

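grep -rn "picklefile" /path/to/your/code/
# Deletes every line that mentions picklefile and keeps a .bak copy; review the result, since a one-line yacc(...) call is removed whole
sed -i.bak '/picklefile/d' affected_files.py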
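
The grep above matches the literal string only, so it also hits comments and misses picklefile passed positionally or through **kwargs. The following is an added example, not part of the original advisory or of PLY: an AST-based audit that reports yacc() calls which set or may set picklefile. The function name, the sample source, and the parameter position (index 12 in PLY 3.11's yacc() signature) are assumptions of this example.

```python
import ast

# Assumption: picklefile is the 13th parameter (index 12) of yacc() in PLY 3.11.
PICKLEFILE_POS = 12

def find_picklefile_calls(source, filename="<src>"):
    """Return sorted (line, reason) pairs for yacc() calls that may set picklefile."""
    tree = ast.parse(source, filename)
    # Local names bound to ply.yacc.yacc, e.g. "from ply.yacc import yacc as build".
    names = {"yacc"}
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module == "ply.yacc":
            names.update(a.asname or a.name for a in node.names if a.name == "yacc")
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        is_yacc = ((isinstance(f, ast.Name) and f.id in names) or
                   (isinstance(f, ast.Attribute) and f.attr == "yacc"))
        if not is_yacc:
            continue
        for kw in node.keywords:
            if kw.arg == "picklefile":
                findings.append((node.lineno, "keyword"))
            elif kw.arg is None:  # **mapping: keys are not visible statically
                findings.append((node.lineno, "**kwargs, review manually"))
        if any(isinstance(a, ast.Starred) for a in node.args):
            findings.append((node.lineno, "*args, review manually"))
        elif len(node.args) > PICKLEFILE_POS:
            findings.append((node.lineno, "positional"))
    return sorted(findings)

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
import ply.yacc as yacc
from ply.yacc import yacc as build
# picklefile mentioned in a comment only
p1 = yacc.yacc(module=grammar)
p2 = build(
    module=grammar,
    picklefile=cache_path,
)
p3 = yacc.yacc(**opts)
'''

if __name__ == "__main__":
    for line, reason in find_picklefile_calls(SAMPLE):
        print(f"line {line}: {reason}")
```

Reported line numbers point at the start of the call, so multi-line yacc() calls are located as a unit rather than by the line that happens to contain the keyword.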

Input validation wrapper

all

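Create a wrapper function that validates yacc() parameters before passing them to PLY

import ply.yacc as yacc

def safe_yacc(**kwargs):
    # Keyword-only, so picklefile cannot be passed positionally.
    # Pass module= explicitly: yacc() otherwise reads its direct caller's namespace.
    if 'picklefile' in kwargs:
        raise ValueError('picklefile parameter not allowed')
    return yacc.yacc(**kwargs)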

🧯 If You Can't Patch

  • Implement strict input validation to reject the picklefile parameter in all yacc() calls
  • Network segmentation to isolate vulnerable applications and monitor for suspicious pickle file transfers

🔍 How to Verify

Check if Vulnerable:

Check whether your Python code imports ply.yacc and calls the yacc() function. Then verify whether the PLY version is 3.11 using pip show ply or by checking the __version__ attribute.

Check Version:

python -c "import ply; print(ply.__version__)"
or
pip show ply | grep Version

Verify Fix Applied:

Test that attempts to pass the picklefile parameter to yacc() are rejected or cause errors. Verify that no pickle deserialization occurs from untrusted sources.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected pickle file processing
  • Python tracebacks mentioning pickle.load() in PLY context
  • Unusual process execution from Python interpreter

Network Indicators:

  • Transfer of .pkl files to applications using PLY
  • Unexpected network connections from Python processes

SIEM Query:

(source="application_logs" AND "picklefile") OR (source="system_logs" AND process="python" AND parent_process="application_using_ply")
