CVE-2025-67747

7.8 HIGH

📋 TL;DR

Fickling versions before 0.1.6 fail to block unsafe 'marshal' and 'types' module imports during pickle file analysis. This allows attackers to craft malicious pickle files that bypass security checks, potentially leading to arbitrary code execution when users deserialize these files. This affects anyone using Fickling to vet pickle files for security issues.

💻 Affected Systems

Products:
  • Fickling
Versions: All versions prior to 0.1.6
Operating Systems: All operating systems running Python
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using Fickling to analyze pickle files is vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the user running Fickling, potentially leading to full system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Local privilege escalation or arbitrary code execution when users analyze untrusted pickle files, potentially compromising the host system.

🟢 If Mitigated

No impact if proper patching is applied or if Fickling is not used to analyze untrusted pickle files.

🌐 Internet-Facing: MEDIUM - While Fickling itself isn't typically internet-facing, it could be used in web applications or APIs that process user-uploaded pickle files.
🏢 Internal Only: HIGH - Internal systems using Fickling to analyze pickle files from untrusted sources are at significant risk of compromise.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is well-documented in the advisory with clear exploitation vectors. Crafting malicious pickle files to exploit this is straightforward for attackers with Python knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.1.6

Vendor Advisory: https://github.com/trailofbits/fickling/security/advisories/GHSA-565g-hwwr-4pp3

Restart Required: No

Instructions:

1. Update Fickling to version 0.1.6 or later using pip (quote the requirement so the shell does not treat '>' as an output redirect):

   pip install --upgrade "fickling>=0.1.6"

2. Verify the update was successful by checking the version.
3. No restart is required as this is a Python library update.

🔧 Temporary Workarounds

Avoid analyzing untrusted pickle files

all

Temporarily stop using Fickling to analyze pickle files from untrusted sources until patched.

Use virtual environment with older version

linux

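Isolate vulnerable Fickling installations in virtual environments to limit potential damage. A virtual environment separates Python packages only; it does not restrict what code running inside it can do, so combine it with the sandboxing listed under "If You Can't Patch".

python -m venv isolated_env
source isolated_env/bin/activate
pip install "fickling<0.1.6"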

🧯 If You Can't Patch

  • Implement strict input validation to reject pickle files from untrusted sources
  • Run Fickling in a sandboxed environment with minimal privileges
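
One way to implement the input-validation step above, as an added example (not code from Fickling or the advisory): it walks a pickle's opcodes with pickletools.genops, never deserializing the file, and reports direct imports from the 'marshal' and 'types' modules named on this page. The function name, the denylist and the sample byte strings are constructed for illustration.

```python
import pickle
import pickletools

# Modules this page names; a narrow illustrative denylist (assumption), not a full policy.
BLOCKED_MODULES = {"marshal", "types"}

STRING_PUSH = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
               "STRING", "BINSTRING", "SHORT_BINSTRING"}
MEMO_GET = {"GET", "BINGET", "LONG_BINGET"}
MEMO_PUT = {"PUT", "BINPUT", "LONG_BINPUT"}

# Constructed samples: inert name references, never passed to pickle.load.
SAMPLE_GLOBAL = b"cmarshal\nloads\n."
SAMPLE_STACK_GLOBAL = b"\x80\x04\x8c\x05types\x8c\x0cFunctionType\x93."
SAMPLE_BENIGN = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)


def find_unsafe_imports(data: bytes) -> list:
    """Return (module, name) imports of BLOCKED_MODULES found in a pickle.

    Walks opcodes with pickletools.genops; nothing is deserialized.
    ("?", "?") marks a STACK_GLOBAL whose operands could not be resolved
    by this simplified tracker and is reported so the file fails closed.
    """
    findings, recent, memo = [], [], {}
    for op, arg, _pos in pickletools.genops(data):
        ref = None
        if op.name in STRING_PUSH:
            recent.append(arg)
        elif op.name in MEMO_GET:
            recent.append(memo.get(arg))
        elif op.name == "MEMOIZE" or op.name in MEMO_PUT:
            key = len(memo) if op.name == "MEMOIZE" else arg
            memo[key] = recent[-1] if recent else None
        else:
            if op.name in ("GLOBAL", "INST"):
                ref = tuple(arg.split(" ", 1))
            elif op.name == "STACK_GLOBAL":
                pair = tuple(recent[-2:])
                ok = len(pair) == 2 and all(isinstance(s, str) for s in pair)
                ref = pair if ok else ("?", "?")
            recent.append(None)  # any other opcode invalidates the window
        if ref and (ref[0] == "?" or ref[0].split(".")[0] in BLOCKED_MODULES):
            findings.append(ref)
    return findings


if __name__ == "__main__":
    for blob in (SAMPLE_GLOBAL, SAMPLE_STACK_GLOBAL, SAMPLE_BENIGN):
        print(find_unsafe_imports(blob))
```

The check does not emulate the pickle VM, so treat a non-empty result as grounds to reject the file and an empty result as no more than a pre-filter pass; it is not a replacement for upgrading to 0.1.6.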

🔍 How to Verify

Check if Vulnerable:

Check Fickling version: 'python -c "import fickling; print(fickling.__version__)"' - if version is less than 0.1.6, you are vulnerable.

Check Version:

python -c "import fickling; print(fickling.__version__)"

Verify Fix Applied:

After updating, verify version is 0.1.6 or higher using the same command. Test with known safe pickle files to ensure functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process execution following pickle file analysis
  • Errors or warnings related to marshal.loads or types.FunctionType in application logs

Network Indicators:

  • Unusual outbound connections from systems running Fickling
  • Data exfiltration patterns following pickle file processing

SIEM Query:

process_name:"python" AND (command_line:"fickling" OR command_line:"pickle") AND (event_type:"process_execution" OR event_type:"network_connection")
