CVE-2025-67748: CWE-184: Incomplete List of Disallowed Inputs in trailofbits fickling
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by `pty` missing from the block list of unsafe module imports. This led to unsafe pickles based on `pty.spawn()` being incorrectly flagged as `LIKELY_SAFE`, and was fixed in version 0.1.6. This impacted any user or system that used Fickling to vet pickle files for security issues.
AI Analysis
Technical Summary
CVE-2025-67748 is a vulnerability identified in the Python pickling decompiler and static analyzer tool called 'fickling', developed by trailofbits. The tool is designed to analyze and vet pickle files for security issues by decompiling and statically inspecting them. Pickle files in Python can serialize and deserialize arbitrary objects, which poses inherent security risks if untrusted data is deserialized. To mitigate this, fickling maintains a block list of unsafe module imports to flag potentially dangerous pickles. However, versions of fickling prior to 0.1.6 had an incomplete block list that omitted the 'pty' module. The 'pty' module in Python can be used to spawn pseudo-terminal processes, and its use in pickles can enable execution of arbitrary code upon deserialization. Because 'pty' was not blocked, pickle files exploiting pty.spawn() were incorrectly classified as 'LIKELY_SAFE' by fickling, leading to a false sense of security. This misclassification could allow attackers to craft malicious pickle files that bypass security vetting and execute arbitrary code on systems that trust and deserialize these pickles. The vulnerability does not require any privileges or authentication but does require user interaction in the form of processing the pickle files with fickling. The CVSS 4.0 base score is 7.1 (high), reflecting the local attack vector, low complexity, no privileges required, but user interaction needed, and high impact on confidentiality, integrity, and availability. The issue was fixed in version 0.1.6 by adding 'pty' to the block list of disallowed imports, closing the bypass. No known exploits have been reported in the wild yet. Organizations using fickling for security analysis of pickle files should upgrade to version 0.1.6 or later to mitigate this risk.
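The failure mode described above (CWE-184), as an added example that is not fickling's code: a minimal import scanner built on the standard library's `pickletools`, run once against a deny list that omits `pty` and once against an allow list. The list contents, function names and sample byte strings are assumptions constructed for illustration; the verdict strings only mirror the label quoted on this page.

```python
import collections
import pickle
import pickletools

# Hypothetical deny list in the pre-fix style: well-known modules, no "pty".
DENY_MODULES = {"os", "posix", "nt", "subprocess", "builtins", "sys"}
# Hypothetical allow list: the only imports this application expects.
ALLOW_GLOBALS = {("collections", "OrderedDict")}

def imported_globals(data: bytes):
    """List (module, name) imports in a pickle without ever loading it."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":            # protocols 0-3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":    # protocol 4+: names are pushed as strings
            # Heuristic: take the last two string pushes; fail closed otherwise.
            found.append(tuple(strings[-2:]) if len(strings) >= 2
                         else ("<unresolved>", "<unresolved>"))
        elif isinstance(arg, str):
            strings.append(arg)
    return found

def denylist_verdict(data: bytes) -> str:
    """Flag only imports whose top-level module is on the deny list."""
    hits = [g for g in imported_globals(data) if g[0].split(".")[0] in DENY_MODULES]
    return "UNSAFE" if hits else "LIKELY_SAFE"

def allowlist_verdict(data: bytes) -> str:
    """Flag every import that is not explicitly expected."""
    unknown = [g for g in imported_globals(data) if g not in ALLOW_GLOBALS]
    return "UNSAFE" if unknown else "LIKELY_SAFE"

# Constructed samples: bare import references followed by STOP, nothing is called.
SAMPLE_PTY_REF = b"cpty\nspawn\n."
SAMPLE_OS_REF = b"cos\nsystem\n."
SAMPLE_BENIGN = pickle.dumps(collections.OrderedDict(a=1), protocol=4)

if __name__ == "__main__":
    for label, blob in [("pty ref", SAMPLE_PTY_REF), ("os ref", SAMPLE_OS_REF),
                        ("OrderedDict", SAMPLE_BENIGN)]:
        print(label, imported_globals(blob), denylist_verdict(blob), allowlist_verdict(blob))
```

The deny list passes the `pty` reference because the module was never enumerated, while the allow list rejects it without needing to know that `pty` exists.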
Potential Impact
The vulnerability primarily impacts organizations that rely on fickling to vet pickle files for security, including software development teams, security analysts, and automated security pipelines. If malicious pickle files exploiting the 'pty' module bypass fickling's detection, they can be mistakenly trusted and deserialized, leading to arbitrary code execution. This can compromise confidentiality by exposing sensitive data, integrity by allowing unauthorized code or data manipulation, and availability by enabling denial-of-service or system compromise. For European organizations, the impact is significant in sectors using Python extensively, such as finance, technology, research, and critical infrastructure. The risk is heightened in environments where pickle files are exchanged or processed automatically without additional validation. Although exploitation requires user interaction (processing the pickle with fickling), the ease of crafting malicious pickles and the high impact of successful exploitation make this a serious threat. The absence of known exploits in the wild suggests limited current exposure but also indicates the need for proactive mitigation.
Mitigation Recommendations
1. Upgrade fickling to version 0.1.6 or later immediately to ensure the 'pty' module is included in the block list of unsafe imports.
2. Implement additional layers of validation for pickle files beyond fickling, such as sandboxed deserialization environments or alternative safer serialization formats (e.g., JSON, protobuf) where feasible.
3. Restrict the use of pickle deserialization to trusted sources only and enforce strict access controls on systems processing pickle files.
4. Monitor and audit usage of fickling and pickle processing pipelines for anomalous activity or unexpected pickle files.
5. Educate developers and security teams about the risks of pickle deserialization and the importance of using updated analysis tools.
6. Consider integrating runtime monitoring or endpoint detection solutions to detect suspicious behaviors resulting from malicious pickle deserialization.
7. Review and update internal security policies to include regular updates and vulnerability assessments of security tooling like fickling.
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-11T20:30:54.927Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6940abb2d9bcdf3f3d14315e
Added to database: 12/16/2025, 12:45:38 AM
Last enriched: 12/23/2025, 1:27:16 AM
Last updated: 2/7/2026, 8:19:34 PM