Memory Management Vulnerability in Python's plistlib Module
CVE-2025-13837
2.1 LOW
What is CVE-2025-13837?
The plistlib module in Python is susceptible to a denial of service due to its method of reading plist files. When a plist file specifies an unusually large size, it can cause the module to allocate excessive memory. This can lead to out-of-memory (OOM) issues, allowing an attacker to disrupt services by forcing the system into a state of resource exhaustion. It is essential for developers and system administrators to be aware of this vulnerability to implement appropriate safeguards.
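One safeguard for services that must parse untrusted plists on an interpreter that has not been upgraded yet is to reject input whose declared lengths cannot fit in the bytes actually received, before plistlib sees it. The sketch below is an added example, not code from this advisory or from CPython. It assumes the oversized value is a length field in a binary (`bplist00`) plist; `check_bplist`, `safe_loads` and the 1 MiB `MAX_PLIST_BYTES` cap are hypothetical names and values chosen for illustration.

```python
import plistlib
import struct

MAX_PLIST_BYTES = 1 << 20  # assumed policy cap; tune to your largest legitimate plist

def check_bplist(buf, max_bytes=MAX_PLIST_BYTES):
    """Raise ValueError if a declared length cannot fit inside buf."""
    if len(buf) > max_bytes:
        raise ValueError("plist exceeds policy size cap")
    if len(buf) < 40 or buf[:8] != b"bplist00":
        raise ValueError("not a binary plist")
    # Trailer: offset width, ref width, object count, top object, table offset.
    off_size, ref_size, n_obj, top, table = struct.unpack(">6xBBQQQ", buf[-32:])
    table_end = len(buf) - 32
    if off_size not in (1, 2, 4, 8) or ref_size not in (1, 2, 4, 8):
        raise ValueError("bad trailer widths")
    if table < 8 or table + n_obj * off_size > table_end or top >= n_obj:
        raise ValueError("trailer does not fit the file")
    # Bytes consumed per declared element, keyed by the marker's high nibble.
    unit = {0x4: 1, 0x5: 1, 0x6: 2,                           # data, ASCII, UTF-16
            0xA: ref_size, 0xC: ref_size, 0xD: 2 * ref_size}  # array, set, dict
    for i in range(n_obj):
        start = table + i * off_size
        pos = int.from_bytes(buf[start:start + off_size], "big")
        if not 8 <= pos < table:
            raise ValueError(f"object {i}: offset outside object area")
        kind, count = buf[pos] >> 4, buf[pos] & 0x0F
        pos += 1
        if kind not in unit:
            continue  # fixed-size scalar, no file-chosen length
        if count == 0x0F:  # extended length: 0x1n marker, then 2**n bytes
            if pos >= table:
                raise ValueError(f"object {i}: truncated length")
            width = 1 << (buf[pos] & 0x3)
            if pos + 1 + width > table:
                raise ValueError(f"object {i}: truncated length")
            count = int.from_bytes(buf[pos + 1:pos + 1 + width], "big")
            pos += 1 + width
        if pos + count * unit[kind] > table:
            raise ValueError(f"object {i}: declares {count} elements, file too short")

def safe_loads(buf):
    """Validate declared sizes, then hand the buffer to plistlib."""
    check_bplist(buf)
    return plistlib.loads(bytes(buf), fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    sample = plistlib.dumps({"blob": b"x" * 300}, fmt=plistlib.FMT_BINARY)  # constructed
    print(safe_loads(sample))
```

Read the upload with a bounded read (at most the cap plus one byte) so the buffer itself cannot grow without limit before the check runs.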
Affected Version(s)
CPython 0 < 3.10.20
CPython 3.11.0 < 3.11.15
CPython 3.12.0 < 3.12.13
