CVE-2025-67748 identifies a security vulnerability in Fickling, a Python pickling decompiler and static analyzer developed by trailofbits. The vulnerability arises from an incomplete list of disallowed inputs in the tool’s security checks, specifically the absence of the 'pty' module from the block list of unsafe imports. This omission allowed pickle files that invoke pty.spawn(), a function capable of spawning pseudo-terminal processes, to bypass Fickling’s safety detection and be incorrectly flagged as 'LIKELY_SAFE'. Since Python pickle files can execute arbitrary code during deserialization, this misclassification poses a significant risk of remote code execution or privilege escalation if unsafe pickles are trusted and processed. The vulnerability affects all versions of Fickling prior to 0.1.6 and was publicly disclosed on December 16, 2025. The CVSS 4.0 base score is 7.1, indicating high severity, with an attack vector requiring local access (AV:L), low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:P). The impact on confidentiality, integrity, and availability is high due to the potential for executing arbitrary commands via pty.spawn(). No known exploits have been reported in the wild, but the vulnerability is critical for environments relying on Fickling to vet pickle files for security. The flaw relates to CWE-184 (Incomplete List of Disallowed Inputs), CWE-502 (Deserialization of Untrusted Data), and CWE-94 (Code Injection). The fix was implemented in version 0.1.6 by adding 'pty' to the block list, preventing unsafe pickles from being misclassified. Organizations using Fickling should upgrade promptly and consider additional manual or automated validation of pickle files, especially those involving modules capable of spawning processes or executing code.

The vulnerability poses a high risk to European organizations that use Fickling to analyze and vet Python pickle files for security. Exploitation could lead to arbitrary code execution, compromising confidentiality by exposing sensitive data, integrity by allowing unauthorized code to run, and availability by potentially disrupting services or systems. This is particularly critical for organizations involved in software development, security auditing, incident response, and any environment where pickle files are exchanged or processed. Since the attack vector requires local access and user interaction, the threat is more relevant in environments where untrusted pickle files are manually or automatically analyzed using Fickling. Failure to detect unsafe pickles could allow attackers to bypass security controls, leading to malware execution or lateral movement within networks. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks. European entities relying on Fickling for compliance or security assurance may face increased risk of undetected malicious pickle files, impacting trust and operational security.

1. Upgrade Fickling to version 0.1.6 or later immediately to ensure the 'pty' module is included in the block list of unsafe imports. 2. Implement additional static and dynamic analysis tools to cross-verify the safety of pickle files, focusing on modules capable of spawning processes or executing code. 3. Establish strict policies to restrict the use of pickle files from untrusted or unknown sources, especially in environments where Fickling is used for vetting. 4. Incorporate manual code reviews or sandbox testing of pickle files flagged as safe by Fickling to detect false negatives. 5. Educate developers and security teams about the risks of deserialization vulnerabilities and the limitations of automated tools like Fickling. 6. Monitor systems for unusual process spawning or behavior indicative of exploitation attempts involving pty.spawn() or similar functions. 7. Maintain an inventory of systems and workflows that utilize Fickling to prioritize patching and risk assessment. 8. Consider alternative serialization formats with safer deserialization properties where feasible.