Type Confusion Vulnerability in RestrictedPython Tool by Zope Foundation
CVE-2025-22153
7.9HIGH
What is CVE-2025-22153?
A type confusion vulnerability exists in the RestrictedPython tool, where an issue in versions of the CPython interpreter, starting from 3.11 and prior to 3.13.2, allows for bypassing the restrictions imposed by RestrictedPython versions 6.0 through 8.0. This occurs when using try/except* clauses, which can be exploited to introduce untrusted program inputs into a system. The problem has been addressed in version 8.0 of RestrictedPython, which eliminated support for these clauses. As of now, no known workarounds are available for the affected versions.
Affected Version(s)
RestrictedPython >= 6.0, < 8.0
