CVE-2025-68131 — Vulnetix

CVE-2025-68131 PUBLISHED CVSS 5.5 MEDIUM

CBORDecoder reuse can leak shareable values across decode calls

EPSS 0.02% · 5.5th percentile

Risk Scores

CVSS v4.0

5.5

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

EPSS Score

0.02%

5.5th percentile

Affected Products

Vendor	Product	Versions
PyPI	cbor2	3.0.0
agronholm	cbor2	>= 3.0.0, < 5.8.0, 3.0.0

Timeline

Dec 31, 2025 CVE Published
Dec 31, 2025 EPSS Score
Dec 31, 2025 PoC Published
Dec 31, 2025 PoC Published
Jan 3, 2026 EPSS Score
Jan 7, 2026 EPSS Score
Jan 9, 2026 PoC Published
Jan 10, 2026 EPSS Score
Jan 14, 2026 EPSS Score
Jan 17, 2026 EPSS Score
Jan 20, 2026 EPSS Score
Jan 24, 2026 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›