QwikSec

Security Database

CVE

CWE

Training

CVE-2025-67748

Published: Dec 16, 2025

Modified: Dec 16, 2025

PUBLISHED

Description

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by `pty` missing from the block list of unsafe module imports. This led to unsafe pickles based on `pty.spawn()` being incorrectly flagged as `LIKELY_SAFE`, and was fixed in version 0.1.6. This impacted any user or system that used Fickling to vet pickle files for security issues.

Vendor	Product	Versions
trailofbits	fickling	affected `< 0.1.6`

Weaknesses (CWE)

References

https://github.com/trailofbits/fickling/security/advisories/GHSA-r7v6-mfhq-g3m2

x_refsource_CONFIRM

https://github.com/trailofbits/fickling/pull/108

x_refsource_MISC

https://github.com/trailofbits/fickling/pull/187

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.