CVE-2025-58367: CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes in seperman deepdiff

Severity: Critical
Tags: Vulnerability, CVE-2025-58367, CWE-915
Published: Fri Sep 05 2025 (09/05/2025, 21:52:31 UTC)
Source: CVE Database V5
Vendor/Project: seperman
Product: deepdiff

Description

DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization) exploitation. The gadget available in DeepDiff allows `deepdiff.serialization.SAFE_TO_IMPORT` to be modified to allow dangerous classes such as posix.system, and then perform insecure Pickle deserialization via the Delta class. This potentially allows any Python code to be executed, given that the input to Delta is user-controlled. Depending on the application where DeepDiff is used, this can also lead to other vulnerabilities. This is fixed in version 8.6.1.

AI-Powered Analysis

AI analysis last updated: 09/12/2025, 23:54:15 UTC

Technical Analysis

CVE-2025-58367 is a critical vulnerability affecting the DeepDiff Python library versions 5.0.0 through 8.6.0. DeepDiff is a tool used for deep difference detection and searching within Python data structures. The vulnerability arises from improper control over dynamically determined object attributes, specifically within the Delta class constructor. This flaw allows an attacker to perform class pollution, which can be exploited when combined with a gadget available in the DeltaDiff module. The core issue involves the modification of the deepdiff.serialization.SAFE_TO_IMPORT attribute, which is intended to restrict the classes allowed during deserialization. By manipulating this attribute, an attacker can enable the import of dangerous classes such as posix.system. This leads to insecure Pickle deserialization, a well-known vector for remote code execution (RCE) in Python applications. Since the input to the Delta class can be user-controlled, an attacker can craft malicious input that triggers arbitrary code execution on the host system. The impact of this vulnerability extends beyond RCE; it can also cause Denial of Service (DoS) conditions depending on the application context. The vulnerability is classified under CWE-915, which relates to improper control of dynamically determined object attributes. The issue was addressed and fixed in DeepDiff version 8.6.1. The CVSS v4.0 score is 10.0 (critical), reflecting the vulnerability's high exploitability and severe impact on confidentiality, integrity, and availability without requiring authentication or user interaction.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially those relying on Python applications that incorporate the DeepDiff library for data comparison or processing. The ability to execute arbitrary Python code remotely can lead to full system compromise, data breaches, and disruption of critical services. Organizations in sectors such as finance, healthcare, government, and critical infrastructure that utilize Python-based automation, data analysis, or configuration management tools are particularly at risk. The vulnerability could be exploited to deploy ransomware, steal sensitive data, or disrupt operations. Given the lack of authentication and user interaction requirements, exploitation can be automated and widespread. Additionally, the potential for Denial of Service attacks could impact availability of services, leading to operational downtime and reputational damage. The vulnerability's presence in a widely used open-source library increases the likelihood of indirect exposure through third-party applications and services, amplifying the risk to European enterprises.

Mitigation Recommendations

European organizations should immediately audit their software dependencies to identify any usage of DeepDiff versions between 5.0.0 and 8.6.0. The primary mitigation is to upgrade to DeepDiff version 8.6.1 or later, where the vulnerability has been fixed. For environments where immediate upgrade is not feasible, organizations should implement strict input validation and sanitization on any user-controlled data passed to the Delta class or related DeepDiff functionalities. Employ application-level sandboxing or runtime restrictions to limit the impact of potential code execution. Monitoring and logging of deserialization activities can help detect exploitation attempts. Additionally, organizations should review their software supply chain and third-party applications to identify indirect usage of vulnerable DeepDiff versions. Employing Web Application Firewalls (WAFs) or Intrusion Detection Systems (IDS) with signatures targeting this vulnerability can provide temporary protection. Finally, organizations should ensure that their incident response teams are prepared to handle potential exploitation scenarios involving Python deserialization vulnerabilities.
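The first recommendation above is a dependency audit for DeepDiff releases in the affected range. The following script is an added example (not code from the advisory, from this site, or from the deepdiff project) that performs that audit with the standard library only: it classifies `pip freeze` / requirements.txt lines for the `deepdiff` distribution as affected (5.0.0 through 8.6.0, per the advisory), not affected (pinned outside the range, or constrained entirely above 8.6.1 / below 5.0.0), or unpinned (a version range the resolver could still satisfy with a vulnerable release), and it can also check the interpreter's own installed copy. The sample input lines are constructed for illustration; the affected and fixed version numbers are the ones stated on this page.

```python
"""Audit dependency lists for DeepDiff versions affected by CVE-2025-58367.

Added example; not part of the advisory or of the deepdiff project.
Affected range per the advisory: 5.0.0 through 8.6.0. Fixed in 8.6.1.
"""
import re
from importlib import metadata

AFFECTED_MIN = (5, 0, 0)
AFFECTED_MAX = (8, 6, 0)
FIXED = (8, 6, 1)

# Regexes for a requirement line: a distribution name, then zero or more
# comma-separated version specifiers (PEP 508 style, simplified).
NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")
SPEC_RE = re.compile(r"(===|==|~=|>=|<=|!=|>|<)\s*([^\s,;]+)")


def parse_version(text):
    """Return the leading numeric components as a 3-tuple ("8.6.0rc1" -> (8, 6, 0)).

    Pre-release and local-version markers are ignored on purpose: a release
    candidate of an affected version is treated as affected (conservative).
    """
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return (parts + (0, 0, 0))[:3]


def is_affected(version):
    """True if the version falls inside the advisory's affected range."""
    v = parse_version(version) if isinstance(version, str) else tuple(version)[:3]
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def classify_specifier(spec_text):
    """Classify a specifier string such as '==8.5.0' or '>=7,<9'."""
    specs = SPEC_RE.findall(spec_text)
    if not specs:
        return "unpinned"                      # bare name: anything may resolve
    for op, ver in specs:
        if op in ("==", "==="):                # exact pin: decide directly
            return "affected" if is_affected(ver) else "not-affected"
    # Only range operators: the range is safe only if it provably excludes
    # every affected release. '~=' and '!=' are not trusted for that purpose.
    for op, ver in specs:
        v = parse_version(ver)
        if (op == ">=" and v >= FIXED) or (op == ">" and v >= AFFECTED_MAX):
            return "not-affected"
        if (op == "<" and v <= AFFECTED_MIN) or (op == "<=" and v < AFFECTED_MIN):
            return "not-affected"
    return "unpinned"


def audit_requirements(text):
    """Return [(line, status)] for every deepdiff requirement in the input."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and whitespace
        if not line:
            continue
        m = NAME_RE.match(line)
        if not m:
            continue
        name = m.group(1).lower().replace("_", "-")
        if name != "deepdiff":
            continue
        findings.append((line, classify_specifier(line[m.end():])))
    return findings


def check_installed(dist_name="deepdiff"):
    """Check the running interpreter; returns (version, affected) or None."""
    try:
        ver = metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return None
    return (ver, is_affected(ver))


# Constructed sample inputs (not real project files).
SAMPLE_FREEZE = """\
certifi==2025.1.31
deepdiff==8.5.0
orderly-set==5.4.1
"""
SAMPLE_REQS = """\
# constructed requirements.txt
DeepDiff>=8.6.1       # constrained above the fix
deepdiff>=7,<9        # resolver may still choose an affected release
"""

if __name__ == "__main__":
    for label, sample in (("freeze", SAMPLE_FREEZE), ("requirements", SAMPLE_REQS)):
        for line, status in audit_requirements(sample):
            print(f"{label}: {line!r} -> {status}")
    print("installed:", check_installed())
```

Point `audit_requirements` at the contents of a lock file or `pip freeze` output from each deployment; an "unpinned" result is not a clean bill of health, it means the installed version must be confirmed (for example with `check_installed` inside that environment or from the lock file the resolver actually produced). Indirect dependencies are caught the same way, since `pip freeze` lists every installed distribution, which addresses the supply-chain point in the recommendations.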


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-08-29T16:19:59.012Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68bb5cd1535f4a977310270f

Added to database: 9/5/2025, 9:57:37 PM

Last enriched: 9/12/2025, 11:54:15 PM

Last updated: 10/21/2025, 5:25:50 AM

