CVE-2025-49597

Published: Jun 13, 2025

Modified: Jun 23, 2025

PUBLISHED

CVSS v3.1

3.9

LOW

Description

handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. The problem is patched with Version 1.4.3.

Vendor	Product	Versions
handcraftedinthealps	goodby-csv	affected `< 1.4.3`

Weaknesses (CWE)

CWE-915

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://github.com/handcraftedinthealps/goodby-csv/security/advisories/GHSA-x3c7-22c8-prg7

x_refsource_CONFIRM

https://github.com/handcraftedinthealps/goodby-csv/commit/acd14c6ed85116bb2cb4da35ab62821e5cf54519

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-49597

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References