
CVE-2025-67747: CWE-184: Incomplete List of Disallowed Inputs in trailofbits fickling

Severity: High
Type: Vulnerability
Tags: CVE-2025-67747, cwe-184, cwe-502
Published: Tue Dec 16 2025 (12/16/2025, 00:32:52 UTC)
Source: CVE Database V5
Vendor/Project: trailofbits
Product: fickling

Description

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing `marshal` and `types` from the block list of unsafe module imports. This allows an attacker to craft a malicious pickle file that bypasses Fickling, since it misses detections for `types.FunctionType` and `marshal.loads`. A user who deserializes such a file, believing it to be safe, would inadvertently execute arbitrary code on their system. This impacts any user or system that uses Fickling to vet pickle files for security issues. The issue was fixed in version 0.1.6, in which Fickling started blocking both modules.

AI-Powered Analysis

Last updated: 12/16/2025, 01:00:43 UTC

Technical Analysis

CVE-2025-67747 affects the Fickling tool, a Python pickling decompiler and static analyzer designed to detect unsafe pickle files. Prior to version 0.1.6, Fickling's security mechanism did not include the 'marshal' and 'types' modules in its block list of unsafe imports. This omission allows attackers to craft malicious pickle files that leverage 'types.FunctionType' and 'marshal.loads' to execute arbitrary code upon deserialization. Since Fickling is used to vet pickle files for security, this incomplete filtering creates a false sense of security, leading users to deserialize malicious content inadvertently. The vulnerability is categorized under CWE-184 (Incomplete List of Disallowed Inputs) and CWE-502 (Deserialization of Untrusted Data). Exploitation requires user interaction—specifically, the user must deserialize the malicious pickle file. The CVSS 4.0 score is 7.1, indicating high severity, with local attack vector, low complexity, no privileges required, but user interaction needed, and high impact on confidentiality, integrity, and availability. The flaw was addressed in Fickling version 0.1.6 by adding 'marshal' and 'types' to the block list, preventing bypass of the tool's security checks. No public exploits are known at this time, but the risk remains significant for users relying on vulnerable versions.
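The gap described above can be reproduced with a small import scanner. This is an added example, not Fickling's code: the function names and all three module lists are assumptions made for illustration, and the samples are constructed, inert pickles that only reference a name. It goes one step beyond the page by also showing an allowlist policy, which does not depend on the block list being complete.

```python
import collections
import pickle
import pickletools

# Illustrative lists (assumptions); Fickling's real block list is longer.
BLOCKLIST_BEFORE = {"os", "subprocess", "builtins"}
BLOCKLIST_AFTER = BLOCKLIST_BEFORE | {"marshal", "types"}  # the 0.1.6 additions
ALLOWLIST = {"collections"}

STRING_OPS = {"UNICODE", "SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8"}


def imported_globals(data):
    """List (module, name) pairs a pickle would import, without loading it."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name in ("GLOBAL", "INST"):
            # pickletools reports these operands as "module name".
            module, _, name = arg.partition(" ")
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            # Heuristic: the operands are normally the last two strings pushed.
            # Anything else is recorded as unresolved, which an allowlist rejects.
            if len(strings) >= 2:
                found.append((strings[-2], strings[-1]))
            else:
                found.append(("<unresolved>", ""))
    return found


def flagged_modules(data, blocklist=(), allowlist=None):
    """Return the top-level modules the chosen policy rejects (empty = pass)."""
    modules = {module.split(".")[0] for module, _ in imported_globals(data)}
    if allowlist is not None:
        return sorted(modules - set(allowlist))
    return sorted(modules.intersection(blocklist))


# Constructed, inert samples: each only references one name and stops.
SAMPLE_MARSHAL = b"cmarshal\nloads\n."
SAMPLE_TYPES = b"ctypes\nFunctionType\n."
SAMPLE_BENIGN = pickle.dumps(collections.OrderedDict, protocol=4)
```

With `BLOCKLIST_BEFORE` both samples pass unflagged, which is the false negative this CVE describes; `BLOCKLIST_AFTER` and `ALLOWLIST` both reject them.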

Potential Impact

For European organizations, this vulnerability poses a substantial risk, particularly for those using Fickling to analyze or vet pickle files in development, testing, or production environments. Successful exploitation leads to arbitrary code execution, potentially compromising system confidentiality, integrity, and availability. This can result in data breaches, unauthorized access, lateral movement within networks, and disruption of critical services. Organizations in sectors such as finance, healthcare, research, and technology that rely on Python-based workflows or automated security vetting tools are especially vulnerable. The false sense of security from using Fickling without the patch may lead to increased exposure to supply chain attacks or insider threats leveraging malicious pickle files. Given the local attack vector and required user interaction, the threat is more pronounced in environments where untrusted pickle files are received or processed without additional safeguards.

Mitigation Recommendations

The primary mitigation is to upgrade Fickling to version 0.1.6 or later, which includes the fix blocking 'marshal' and 'types' modules. Organizations should audit their environments to identify any usage of vulnerable Fickling versions and replace them promptly. Additionally, implement strict controls on pickle file sources, avoiding deserialization of untrusted or unauthenticated pickle data. Employ alternative safer serialization formats (e.g., JSON, YAML with safe loaders) where possible. Incorporate multi-layered security measures such as sandboxing deserialization processes, applying runtime monitoring for anomalous behavior, and enforcing least privilege principles on systems performing deserialization. Security teams should also educate developers and users about the risks of pickle deserialization and the importance of verifying tool versions and updates. Finally, integrate continuous vulnerability management to detect and remediate similar issues proactively.


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-12-11T18:08:02.947Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6940abb2d9bcdf3f3d143158

Added to database: 12/16/2025, 12:45:38 AM

Last enriched: 12/16/2025, 1:00:43 AM

Last updated: 12/16/2025, 7:42:34 AM
