CVERadar

CVE-2025-27607

Severity: Medium
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.01522/1

CVE-2025-27607: A critical vulnerability existed in Python JSON Logger that could have allowed remote code execution (RCE). The flaw stemmed from a missing development dependency, msgspec-python313-pre, whose package name was temporarily unclaimed, so a malicious actor could have uploaded a rogue package under that name. Successful exploitation would have granted RCE against users who installed the development dependencies on Python 3.13. The vulnerability is fixed in version 3.3.0. Despite the low SOCRadar Vulnerability Risk Score (SVRS) of 30, the possibility of RCE underscores the severity of this vulnerability where it is present. Users should upgrade to version 3.3.0 immediately to mitigate the risks of this dependency confusion issue. The relatively low SVRS likely reflects the limited window of opportunity and the specific installation requirements.

Reference sources: X_refsource_CONFIRM, X_refsource_MISC
In The Wild
2025-03-07
2025-03-07

SOCRadar AI Insight

Description

CVE-2025-27607 describes a Remote Code Execution (RCE) vulnerability in Python JSON Logger, a JSON formatter for Python's logging module. The vulnerability existed between December 30, 2024, and March 4, 2025, because a development dependency ("msgspec-python313-pre") had been deleted by its owner, leaving the package name unclaimed. A malicious third party could therefore have claimed the name and published malicious code, leading to RCE for users who installed the development dependencies on Python 3.13. The issue is resolved in version 3.3.0. The SOCRadar Vulnerability Risk Score (SVRS) is 30, which, while below the critical threshold of 80, indicates a moderate risk that should be addressed. The vulnerability is actively exploited by hackers.

Key Insights

  1. Supply Chain Risk: This CVE highlights the significant risk posed by supply chain vulnerabilities. The deletion of a dependency created an opportunity for attackers to inject malicious code into a widely used library.
  2. Targeted Environment: The vulnerability affected only users running Python 3.13 who installed the development dependencies (pip install python-json-logger[dev]). This makes it narrow in scope but critical for anyone running that environment.
  3. Exploit Status: Active exploits have been published and the vulnerability is being exploited "In The Wild," indicating an elevated risk and the need for prompt mitigation.

Mitigation Strategies

  1. Upgrade Python JSON Logger: Immediately upgrade to Python JSON Logger version 3.3.0 or later, the first release without the vulnerable dependency.
  2. Dependency Verification: Implement strict dependency verification measures, including dependency pinning and software bills of materials (SBOMs), to ensure the integrity of the packages used in your projects.
  3. Monitor Package Registries: Continuously monitor package registries (such as PyPI) for suspicious activity or changes in dependencies that could indicate malicious activity.
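As an added, runnable illustration of the dependency-verification step (not code from SOCRadar or the python-json-logger project), the script below audits a pip freeze listing for the two signals this record describes: a python-json-logger release below 3.3.0, and the presence of the msgspec-python313-pre package name. The sample listing is constructed for the example.

```python
"""Audit a pip freeze listing for CVE-2025-27607 (added example, not project code)."""
import re
from typing import Dict, List, Tuple

VULNERABLE_PACKAGE = "python-json-logger"
FIXED_VERSION = (3, 3, 0)          # first release without the unclaimed dev dependency
ROGUE_DEPENDENCY = "msgspec-python313-pre"  # name that was claimable on PyPI in the window

# Constructed sample in `pip freeze` shape; not taken from a real host.
SAMPLE_FREEZE = """\
Django==5.0.1
Python_JSON_Logger==3.2.1
msgspec-python313-pre==0.19.0
requests==2.31.0
"""

def normalize(name: str) -> str:
    """PEP 503 normalization so Python_JSON_Logger matches python-json-logger."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(version: str) -> Tuple[int, ...]:
    """Leading numeric release segments only: '3.2.1rc1' -> (3, 2, 1)."""
    match = re.match(r"\d+(?:\.\d+)*", version.strip())
    return tuple(int(p) for p in match.group(0).split(".")) if match else ()

def parse_freeze(text: str) -> Dict[str, str]:
    """Map normalized package name -> pinned version for 'name==version' lines."""
    installed: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue  # comments, blanks and editable/URL installs carry no pin
        name, version = line.split("==", 1)
        installed[normalize(name)] = version.strip()
    return installed

def audit(installed: Dict[str, str]) -> List[str]:
    """Return findings; an empty list means neither CVE-2025-27607 signal is present."""
    findings: List[str] = []
    version = installed.get(VULNERABLE_PACKAGE)
    if version is not None and parse_version(version) < FIXED_VERSION:
        findings.append(f"{VULNERABLE_PACKAGE}=={version}: below fixed release 3.3.0, upgrade")
    if ROGUE_DEPENDENCY in installed:
        findings.append(f"{ROGUE_DEPENDENCY}=={installed[ROGUE_DEPENDENCY]}: "
                        "unexpected package present, check its origin and remove it")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_freeze(SAMPLE_FREEZE))) or "no findings")
```

Feed it real output with `pip freeze | python audit.py`-style plumbing by replacing SAMPLE_FREEZE with sys.stdin.read(); the same checks apply to a requirements file or an SBOM export.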

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Python JSON Logger Vulnerability Enables Remote Code Execution – PoC Released
Divya, 2025-04-07
A recent security disclosure has revealed a remote code execution (RCE) vulnerability, CVE-2025-27607, in the Python JSON Logger package, affecting versions between 3.2.0 and 3.2.1. This vulnerability arises from a missing dependency, “msgspec-python313-pre,” which could be exploited by malicious actors if they published a package under the same name. Although the severity has been downgraded […]
Source: gbhackers.com

Over 43 Million Python Installations Vulnerable to Dangerous Code Execution Flaw
Divya, 2025-03-10
A significant vulnerability has been uncovered in the Python JSON Logger package (python-json-logger), affecting versions 3.2.0 and 3.2.1. This flaw, CVE-2025-27607, allows for remote code execution (RCE) due to misusing a missing dependency known as msgspec-python313-pre. The issue gained widespread attention due to a recent experiment demonstrating how malicious actors could exploit this vulnerability by claiming […]
Source: gbhackers.com

CVE-2025-27607 | nhairs python-json-logger up to 3.2.x inclusion of functionality from untrusted control sphere
vuldb.com, 2025-03-07
A vulnerability was found in nhairs python-json-logger up to 3.2.x. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to inclusion of functionality from untrusted control sphere. This vulnerability was named CVE-2025-27607. The attack can be initiated remotely. There is no exploit
Source: vuldb.com

Social Media

#Python continues to dominate #DevOps with #AI, reducing errors by 30% and speeding up deployments. But be careful: libraries such as python-json-logger have had critical vulnerabilities (CVE-2025-27607) ⚠️ Update your dependencies and avoid installing optional packages without verifying them https://t.co/k3p445p0QV

🚨 RCE Vulnerability in python-json-logger CVE-2025-27607 A missing dependency msgspec-python313-pre left the door open for remote code execution via supply chain hijack. ⚠️ Versions 3.2.0–3.2.1 affected ✅ Patch released in 3.3.0 💥 43M downloads/month = HUGE blast radius https://t.co/fofyC6qJXF

A remote code execution vulnerability (CVE-2025-27607) has been found in Python JSON Logger (3.2.0-3.2.1) due to a missing development dependency. Supply chain security risks remain crucial. ⚠️ #PythonLogger #OpenSource #USA link: https://t.co/QToBeoWESZ https://t.co/gsg9CIB2Zu

Do you smell that? 🍃🌷 It's a fresh recap in vsociety! Captain Nahuel gathered quite the bouquet of scripts, from removing a user from the sudo group to a detection/remediation combo for CVE-2025-27607, a malicious Python package. Catch all the latest in scripting land with https://t.co/VcvUZcvVZz

🚨 Attention users of the popular Python package python-json-logger! Versions 3.2.0 and 3.2.1 faced a supply chain attack from Dec 30, 2024, to March 4, 2025. According to CVE-2025-27607, a key dependency, msgspec-python313-pre, was removed from PyPI, leaving it vulnerable to a

😈🎩 Villain of the Week 🎩😈 CVE-2025-27607 is causing mayhem in the Python JSON Logger package. This flaw allows attackers to execute arbitrary code on systems where the vulnerable package, msgspec-python313-pre, is installed as part of the development dependencies 📝 https://t.co/hHgPAVXAp1

@gridinsoft Thanks for sharing guys. It’s me behind the finding [CVE-2025-27607]

@bGVnaW9u @fofabot Python's logging library, hit by CVE-2025-27607, is widely used across frameworks and tools: - Django: Core logging for web apps, debugging, and error tracking. - Flask: Lightweight web framework, leans on it for request logging. - Celery: Task queue system, logs task

@bGVnaW9u @fofabot Industries most likely tied to the Python logging vuln (CVE-2025-27607): IT services and cybersecurity companies are directly hit; they rely on Python for tools and scripts, so they’re prime targets for RCE exploits. Government and education sectors are indirectly at risk; they

CVE-2025-27607: Popular Python Woodcutting Library is Vulnerable to Remote Code Execution https://t.co/YL78jYPYbn

Affected Software

No affected software found for this CVE

References

Reference links (each reported by several sources, including GitHub):
https://github.com/nhairs/python-json-logger/commit/2548e3a2e3cedf6bef3ee7c60c55b7c02d1af11a
https://github.com/nhairs/python-json-logger/commit/e7761e56edb980cfab0165e32469d5fd017a5d72
https://github.com/nhairs/python-json-logger/security/advisories/GHSA-wmxh-pxcx-9w24

CWE Details

CWE-829: Inclusion of Functionality from Untrusted Control Sphere. The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
