Strix
26.1K

CVE-2025-49597

LOWCVSS 3.9/10EPSS 0.21%

Last modified

CVE-2025-49597 is a low-severity vulnerability rated 3.9/10 on the CVSS scale. handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. EPSS estimates a 0.21% chance of exploitation in the next 30 days.

Description

handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. The problem is patched with Version 1.4.3.

Metrics

CVSS 3.1
3.9/10

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

EPSS Probability
0.21%

11.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

References

Timeline

Published
Last Modified
Status
Deferred

Frequently Asked Questions

What is CVE-2025-49597?
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. The problem is patched with Version 1.4.3.
How severe is CVE-2025-49597?
CVE-2025-49597 has a CVSS score of 3.9/10 (LOW severity). The EPSS model estimates a 0.21% probability of exploitation in the next 30 days.
How do I fix CVE-2025-49597?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-49597?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST