CVE-2025-50817
CVE-2025-50817 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory or in the sys.path. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory or in the sys.path. This behavior can be exploited by an attacker who has the ability to write files to the server, allowing the execution of arbitrary code. NOTE: Multiple third parties have disputed this issue and stated that it is not a security flaw in python-future and is a documented feature of Python’s import system in the handling of sys.path.
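The condition described above can be checked without importing anything. The following is an added example, not code from python-future or from this advisory: it asks Python's own path finder which file `import test` would resolve to for a given search path, and flags a result outside the directories you trust. The function names and the demo directory layout are hypothetical and constructed for illustration.

```python
import importlib.machinery
import os
import tempfile


def import_candidates(name, search_path):
    """List (path_entry, file) for each entry that can satisfy `import name`, in order."""
    importlib.invalidate_caches()
    found = []
    for entry in search_path:
        # find_spec only locates the module; it never executes it.
        spec = importlib.machinery.PathFinder.find_spec(name, [entry])
        if spec is not None and spec.origin is not None:
            found.append((entry, os.path.realpath(spec.origin)))
    return found


def audit_import(name, search_path, trusted_dirs):
    """Report the file that wins resolution and whether it is outside trusted_dirs."""
    trusted = [os.path.realpath(d) + os.sep for d in trusted_dirs]
    candidates = import_candidates(name, search_path)
    if not candidates:
        return {"winner": None, "untrusted": False, "shadowed": []}
    winner = candidates[0][1]
    return {
        "winner": winner,
        "untrusted": not any(winner.startswith(t) for t in trusted),
        "shadowed": [origin for _, origin in candidates[1:]],
    }


def build_demo_tree(root):
    """Constructed layout: a writable app dir with test.py, and a stand-in stdlib dir."""
    app = os.path.join(root, "app")
    stdlib = os.path.join(root, "stdlib")
    os.makedirs(os.path.join(stdlib, "test"))
    os.makedirs(app)
    open(os.path.join(stdlib, "test", "__init__.py"), "w").close()
    open(os.path.join(app, "test.py"), "w").close()
    return app, stdlib


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        app, stdlib = build_demo_tree(root)
        print(audit_import("test", [app, stdlib], [stdlib]))  # app/test.py wins
        print(audit_import("test", [stdlib, app], [stdlib]))  # stdlib package wins
```

On a real host, pass `sys.path` as the search path and the interpreter's standard-library and site-packages directories as the trusted set.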
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status: Deferred
Source: NVD / NIST
