CVE-2025-67748

7.8 HIGH

📋 TL;DR

Fickling versions before 0.1.6 incorrectly flagged unsafe pickle files as safe because the 'pty' module was missing from the unsafe import blocklist. This vulnerability allows malicious pickle files that use pty.spawn() to bypass security checks, and it affects any system that uses Fickling to analyze pickle files for security risks.

💻 Affected Systems

Products:
  • Fickling
Versions: All versions prior to 0.1.6
Operating Systems: All platforms running Python
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using Fickling to analyze pickle files for security is affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution via malicious pickle files that spawn shells or execute arbitrary commands when processed by vulnerable Fickling instances.

🟠 Likely Case: Security analysis bypass leading to a false sense of security about malicious pickle files, potentially enabling code execution in downstream systems that trust Fickling's analysis.

🟢 If Mitigated: Limited to pickle file analysis bypass without direct exploitation if Fickling is used only for static analysis.

🌐 Internet-Facing: MEDIUM - Fickling is typically used as a security analysis tool rather than an internet-facing service, but could be part of automated security pipelines.
🏢 Internal Only: MEDIUM - Internal security analysis tools could provide false security assessments of pickle files used in internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires creating malicious pickle files that use pty.spawn() and having them analyzed by vulnerable Fickling.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.1.6

Vendor Advisory: https://github.com/trailofbits/fickling/security/advisories/GHSA-r7v6-mfhq-g3m2

Restart Required: No

Instructions:

1. Update Fickling using pip: 'pip install --upgrade "fickling>=0.1.6"' (quote the requirement so the shell does not treat '>' as an output redirect)
2. Verify installation: 'pip show fickling'
3. Test with known malicious pickle files to ensure detection works

🔧 Temporary Workarounds

Manual pty module detection (platform: all)

Add custom check for pty module imports in pickle analysis scripts

# Add to your analysis script:
import fickling
# Custom check for pty imports in pickle files
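
One way to implement the custom check this workaround describes, as an added example (not code from Fickling or the advisory): it walks the pickle opcodes with the standard-library pickletools module, without unpickling, and reports imports of pty. The names EXTRA_BLOCKED, imported_globals and blocked_imports and the sample byte strings are constructed for illustration.

```python
import pickle
import pickletools

# Assumption: "pty" is the module this advisory names; all identifiers in
# this block are illustrative and are not part of Fickling's API.
EXTRA_BLOCKED = {"pty"}
_STR_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
            "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
_PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
_GET_OPS = {"GET", "BINGET", "LONG_BINGET"}

def imported_globals(data: bytes):
    """List (module, name) pairs the pickle would import; never loads it.
    Unresolvable STACK_GLOBAL operands come back as (None, None)."""
    found, memo = [], {}
    run = []  # strings known to be on top of the stack, in push order
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):      # arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
            run = []
        elif op.name in _STR_OPS:
            run.append(arg)
        elif op.name == "MEMOIZE":             # stores stack top, no pop
            memo[len(memo)] = run[-1] if run else None
        elif op.name in _PUT_OPS:
            memo[arg] = run[-1] if run else None
        elif op.name in _GET_OPS and isinstance(memo.get(arg), str):
            run.append(memo[arg])
        elif op.name == "STACK_GLOBAL":        # pops name, then module
            found.append(tuple(run[-2:]) if len(run) >= 2 else (None, None))
            run = []
        else:
            run = []                           # unknown stack effect
    return found

def blocked_imports(data: bytes, blocked=EXTRA_BLOCKED):
    """Return imports that hit the blocklist or could not be resolved."""
    return [(m, n) for m, n in imported_globals(data)
            if m is None or m.split(".")[0] in blocked]

# Constructed samples: each only references pty.spawn and never calls it.
SAMPLE_GLOBAL = b"cpty\nspawn\n."  # protocol 0 GLOBAL opcode
SAMPLE_STACK_GLOBAL = b"\x80\x04\x8c\x03pty\x94\x8c\x05spawn\x94\x93."
SAMPLE_BENIGN = pickle.dumps({"a": [1, 2]})

if __name__ == "__main__":
    for sample in (SAMPLE_GLOBAL, SAMPLE_STACK_GLOBAL, SAMPLE_BENIGN):
        print(blocked_imports(sample))
```

Treat any non-empty result as unsafe regardless of Fickling's verdict; a (None, None) entry means a STACK_GLOBAL import could not be resolved statically and should fail closed.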

🧯 If You Can't Patch

  • Discontinue use of Fickling for security analysis of pickle files
  • Use alternative pickle analysis tools or manual inspection methods

🔍 How to Verify

Check if Vulnerable:

Check Fickling version: 'pip show fickling | grep Version' - if the version is lower than 0.1.6, the system is vulnerable.

Check Version:

pip show fickling | grep Version

Verify Fix Applied:

Test with pickle files containing pty.spawn() calls - Fickling 0.1.6+ should flag them as unsafe.

📡 Detection & Monitoring

Log Indicators:

  • Fickling analysis logs showing pickle files flagged as LIKELY_SAFE that contain pty imports
  • Unexpected process spawns from pickle analysis operations

Network Indicators:

  • Outbound connections from pickle analysis processes to unexpected destinations

SIEM Query:

process.name:fickling AND (process.cmdline:*pty* OR process.spawn:*pty*)
