
CVE-2025-58367: CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes in seperman deepdiff

Severity: Critical
Type: Vulnerability
CVE: CVE-2025-58367
CWE: CWE-915
Published: Fri Sep 05 2025 (09/05/2025, 21:52:31 UTC)
Source: CVE Database V5
Vendor/Project: seperman
Product: deepdiff

Description

DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization) exploitation. The gadget available in DeepDiff allows `deepdiff.serialization.SAFE_TO_IMPORT` to be modified to allow dangerous classes such as posix.system, and then perform insecure Pickle deserialization via the Delta class. This potentially allows any Python code to be executed, given that the input to Delta is user-controlled. Depending on the application where DeepDiff is used, this can also lead to other vulnerabilities. This is fixed in version 8.6.1.

AI-Powered Analysis

Last updated: 09/05/2025, 22:12:34 UTC

Technical Analysis

CVE-2025-58367 is a critical vulnerability in the Python library DeepDiff, versions 5.0.0 through 8.6.0. DeepDiff computes and searches deep differences between Python data structures. Its Delta class turns a recorded diff back into a set of changes that can be applied to an object, and it can load such deltas from a serialized (pickled) form.

The flaw is class pollution (CWE-915): the Delta constructor applies attribute and item changes along paths taken from its input without restricting which attributes may be traversed or written. The advisory does not print the exact path, but the usual route in Python climbs from an ordinary instance to its class, from there to a function's `__globals__`, and from there to module-level state. The state that matters here is `deepdiff.serialization.SAFE_TO_IMPORT`, the allowlist that DeepDiff's restricted unpickler consults when deciding which `module.name` references a pickle is permitted to resolve. Once an attacker has added a dangerous callable such as `posix.system` to that allowlist, a crafted pickle handed to the Delta class makes the unpickler import and call it, so arbitrary commands run with the privileges of the application process. The same write primitive can also corrupt program state and cause a denial of service.

Pickle itself is the well-known part of the chain: deserializing attacker-controlled pickles is unsafe unless the loader tightly restricts what it will resolve, and the allowlist was the control that made Delta's loader safe. Polluting the allowlist removes that control. Exploitation therefore requires only that the application construct a Delta from data an attacker can influence; beyond that, no authentication or user interaction is needed. Confidentiality, integrity and availability are all fully impacted. The issue is fixed in DeepDiff 8.6.1. The CVSS 4.0 base score is 10.0 (critical), reflecting a network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity and availability. No exploitation in the wild is known at the time of writing, but the low complexity and high severity make this a high-risk issue for any application that passes untrusted input to a vulnerable DeepDiff version.
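
The chain described above, as an added example that is not DeepDiff's code and goes beyond this one library to the general CWE-915 shape: a stand-in module-level allowlist and restricted unpickler built the way the advisory describes DeepDiff's loader, a path-based attribute setter in the vulnerable form (any attribute the path names is followed, dunders included), and a hardened variant that refuses special attributes and refuses to traverse classes, functions or modules. The name `SAFE_TO_IMPORT` mirrors the real attribute, but its contents, the `Document` class, the `root.a['b']` path syntax and the `parse_path`/`apply_*`/`demonstrate` functions are all this example's own assumptions. The pickle payload is constructed here and calls `os.getcwd` rather than a shell so the script is safe to run.

```python
import io
import os
import pickle
import re
import types

# Stand-in for deepdiff.serialization.SAFE_TO_IMPORT: the module-level allowlist
# the restricted unpickler consults. (Assumption: the real list is longer.)
SAFE_TO_IMPORT = {"builtins.range", "collections.OrderedDict"}


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve a pickle's module.name references only if they are allowlisted.
    The allowlist is read at call time, so rewriting the global defeats it."""

    def find_class(self, module, name):
        if f"{module}.{name}" not in SAFE_TO_IMPORT:
            raise pickle.UnpicklingError(f"{module}.{name} is not allowed")
        return super().find_class(module, name)


def restricted_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


# Constructed protocol-0 payload: GLOBAL os.getcwd, empty tuple, REDUCE, STOP,
# i.e. "call os.getcwd()". A real payload would name posix.system instead.
PAYLOAD = b"cos\ngetcwd\n(tR."


class Document:
    """Any application object with a Python-level __init__ will do: the
    pollution path climbs instance -> class -> __init__ -> __globals__."""

    def __init__(self):
        self.title = ""


_SEGMENT = re.compile(r"\.([A-Za-z_]\w*)|\[(['\"])(.*?)\2\]")


def parse_path(path):
    """Split "root.a['b'].c" into [("attr", "a"), ("item", "b"), ("attr", "c")]."""
    if not path.startswith("root"):
        raise ValueError("path must start with 'root'")
    segments, pos = [], len("root")
    while pos < len(path):
        m = _SEGMENT.match(path, pos)
        if not m:
            raise ValueError(f"bad path segment at offset {pos}: {path[pos:]!r}")
        segments.append(("attr", m.group(1)) if m.group(1) else ("item", m.group(3)))
        pos = m.end()
    return segments


def _apply(root, path, value, guard=None):
    """Walk every segment but the last, then write the last one."""
    segments = parse_path(path)
    obj = root
    for i, (kind, key) in enumerate(segments):
        if guard is not None:
            guard(obj, kind, key, path)
        if i < len(segments) - 1:
            obj = getattr(obj, key) if kind == "attr" else obj[key]
        elif kind == "attr":
            setattr(obj, key, value)
        else:
            obj[key] = value


def apply_vulnerable(root, path, value):
    """CWE-915 shape: follows whatever attribute the path names, dunders included."""
    _apply(root, path, value)


def _guard(obj, kind, key, path):
    # Two checks: no special attributes, and never read or write through a
    # class, function or module (the rungs of the pollution ladder).
    if kind == "attr" and key.startswith("__"):
        raise ValueError(f"refusing special attribute {key!r} in {path!r}")
    if isinstance(obj, (type, types.FunctionType, types.ModuleType)):
        raise ValueError(f"refusing to traverse {type(obj).__name__} in {path!r}")


def apply_hardened(root, path, value):
    _apply(root, path, value, guard=_guard)


def demonstrate():
    """Run the chain end to end and report what happened at each step."""
    global SAFE_TO_IMPORT
    original = SAFE_TO_IMPORT
    pollute = "root.__class__.__init__.__globals__['SAFE_TO_IMPORT']"
    doc, results = Document(), {}
    try:
        try:
            restricted_loads(PAYLOAD)
            results["blocked_before"] = False
        except pickle.UnpicklingError:
            results["blocked_before"] = True
        apply_vulnerable(doc, pollute, {"os.getcwd"})  # the allowlist is now attacker-chosen
        results["executed_after"] = restricted_loads(PAYLOAD) == os.getcwd()
        SAFE_TO_IMPORT = original
        try:
            apply_hardened(doc, pollute, {"os.getcwd"})
            results["hardened_rejects"] = False
        except ValueError:
            results["hardened_rejects"] = True
        apply_hardened(doc, "root.title", "report")  # ordinary writes still work
        results["hardened_allows_normal"] = doc.title == "report"
    finally:
        SAFE_TO_IMPORT = original
    return results
```

Calling `demonstrate()` returns a dictionary in which every entry is `True`: the payload is refused until the setter has rewritten the allowlist, resolves and runs afterwards, and is never reachable through the hardened setter, which still performs ordinary writes. The two guard rules are deliberately blunt; an application that needs to apply externally supplied paths should also restrict the root object and the set of attribute names it will touch, rather than trying to enumerate dangerous ones.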

Potential Impact

For European organizations the risk is severe wherever a Python application builds DeepDiff Delta objects from data that crosses a trust boundary, for example services that accept diffs or serialized deltas from clients or partners in order to synchronize or patch state. Successful exploitation gives the attacker code execution inside the application process, which leads to full system compromise, data breaches and disruption of the affected service. Finance, healthcare, government and critical infrastructure, which rely heavily on Python for automation and data processing, are particularly exposed. Because no authentication is required where such an input path exists, attackers can deploy ransomware, exfiltrate sensitive data or pivot within networks. Given how widely Python and DeepDiff are used in European enterprises and open-source projects, the exposure is broad, and organizations subject to GDPR face compliance and reputational consequences if personal data is affected.

Mitigation Recommendations

Organizations should immediately audit their Python environments (pip freeze output, lock files, container images) for DeepDiff versions 5.0.0 through 8.6.0 and upgrade to 8.6.1 or later; that is the only complete fix. Where an immediate upgrade is not feasible, treat every Delta input as code: do not construct Delta objects from diffs, delta files, flat-row lists or serialized deltas that originate outside the trust boundary, and authenticate or sign any delta that must cross it. Application-level input validation and runtime application self-protection (RASP) can flag attempts to reach special attributes or to trigger Pickle loads from request data, but they are compensating controls, not a fix. Run services that use DeepDiff in sandboxed or containerized environments with minimal privileges so that code execution in the process does not become host or network compromise. Pickle loading produces no log entries by itself, so instrument the code paths that construct Delta objects (record the source of the input and any deserialization errors) and tune intrusion detection for post-exploitation behaviour such as unexpected child processes spawned by Python workers. Finally, educate developers that deserializing untrusted Pickle data is unsafe even behind an allowlist, and enforce that rule in code review.
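
The version audit recommended above, as an added example that is not part of the original page: a stdlib-only checker that flags `deepdiff` pins in the affected range (5.0.0 through 8.6.0, inclusive, as stated in the advisory) in requirements or `pip freeze` style text, and that also checks the interpreter it runs under. The sample freeze text is constructed; the function names and the decision to report non-exact specifiers as "check manually" are this example's own choices.

```python
import re
from importlib import metadata

# Affected range from the advisory: 5.0.0 through 8.6.0 inclusive; 8.6.1 is fixed.
VULN_MIN = (5, 0, 0)
VULN_MAX = (8, 6, 0)

# Matches a line naming exactly the deepdiff distribution, optionally with an
# exact pin ("==" or "==="). Other specifiers leave both groups empty.
_LINE = re.compile(r"^\s*deepdiff(?![\w.-])\s*(===?)?\s*([0-9][^\s;#]*)?", re.IGNORECASE)


def parse_version(text):
    """Reduce a version string to (major, minor, patch). Trailing tags such as
    'rc1' or '+local' are ignored, which is adequate for a range check."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(x or 0) for x in m.groups())


def is_vulnerable(version):
    return VULN_MIN <= parse_version(version) <= VULN_MAX


def scan_pins(text):
    """Return (spec, vulnerable) for every deepdiff line: True/False for exact
    pins, None for ranges or VCS references that must be checked by hand."""
    findings = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        spec = line.strip()
        if m.group(1) and m.group(2):
            findings.append((spec, is_vulnerable(m.group(2))))
        else:
            findings.append((spec, None))
    return findings


def installed_status():
    """Check the running interpreter's environment: None if deepdiff is not
    installed, otherwise (version, vulnerable)."""
    try:
        version = metadata.version("deepdiff")
    except metadata.PackageNotFoundError:
        return None
    return version, is_vulnerable(version)


# Constructed sample: three services' pins merged into one freeze listing.
SAMPLE_FREEZE = """\
deepdiff==8.5.0
DeepDiff==8.6.1
deepdiff>=6.0
deepdiff-extras==1.0
orjson==3.10.7
"""

if __name__ == "__main__":
    for spec, vulnerable in scan_pins(SAMPLE_FREEZE):
        state = {True: "VULNERABLE", False: "ok", None: "check manually"}[vulnerable]
        print(f"{spec:<24} {state}")
    print("this interpreter:", installed_status())
```

The scan deliberately treats anything other than an exact pin as unresolved: a range such as `deepdiff>=6.0` may resolve to a fixed or a vulnerable release depending on the lock file and index, so it has to be checked against what is actually installed, which is what `installed_status()` does for the current environment.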


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-08-29T16:19:59.012Z
CVSS Version
4.0
State
PUBLISHED

Threat ID: 68bb5cd1535f4a977310270f

Added to database: 9/5/2025, 9:57:37 PM

Last enriched: 9/5/2025, 10:12:34 PM

Last updated: 9/6/2025, 2:13:55 AM

