Bypass Vulnerability in Fickling Python Decompiler by Trail of Bits
CVE-2025-67748

7.1HIGH

Key Information:

Vendor

Trailofbits

Status
Fickling
Vendor
CVE Published:
16 December 2025

What is CVE-2025-67748?

A bypass vulnerability in Fickling, a Python pickling decompiler and static analyzer, has been identified, enabling the misclassification of unsafe pickle files. Prior to version 0.1.6, the library failed to include pty in its block list of unsafe module imports, resulting in potentially harmful pickles originating from pty.spawn() being erroneously marked as LIKELY_SAFE. This flaw poses a significant risk to users relying on Fickling for secure vetting of pickle files, highlighting the importance of keeping software dependencies up to date.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

fickling < 0.1.6

References

https://github.com/trailofbits/fickling/security/advisori...
x_refsource_CONFIRM
https://github.com/trailofbits/fickling/pull/108
x_refsource_MISC
https://github.com/trailofbits/fickling/pull/187
x_refsource_MISC

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.