VDB

CISA-2025-4516

CISA-2025-4516 PUBLISHED CVSS 5.9 MEDIUM

Reported by PSF · Published May 15, 2025

There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.

Risk Scores

CVSS 4.0
5.9
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
Python Software FoundationCPython0, 3.10.0, 3.11.0
Python Software FoundationCPython0, 3.10.0, 3.11.0

Timeline

  • May 15, 2025 CVE Published
  • Jun 3, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›