Vulnerability DatabaseCVE-2025-13837
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-13837
December 01, 2025
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
Affected Packages
https://github.com/python/cpython.git (GITHUB):
Affected version(s) =v3.14.0 <v3.14.1
Fix Suggestion:
Update to version v3.14.1
https://github.com/python/cpython.git (GITHUB):
Affected version(s) >=v3.13.0 <v3.13.10
Fix Suggestion:
Update to version v3.13.10
Related ResourcesĀ (9)
https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba
https://github.com/python/cpython/issues/119342
https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb
https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70
https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036
https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111
https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/
https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b
https://github.com/python/cpython/pull/119343
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
PRESENT
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
LOW
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
LOW
Availability
LOW
Weakness Type (CWE)
Uncontrolled Resource Consumption
CWE-400
EPSS
Base Score:
0.03