Home > Vulnerability Database > CVE-2025-4516

Mend.io Vulnerability Database

CVE-2025-4516

Good to know:

Date: May 15, 2025

There is an issue in CPython when using "bytes.decode("unicode_escape", error="ignore|replace")". If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.

Severity Score

5.1

Related Resources (16)

Url: https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d

Url: https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f

Url: https://security-tracker.debian.org/tracker/CVE-2025-4516

Url: https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292

Url: https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142

Url: https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-4516

Url: https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b

Url: https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e

Url: https://security.alpinelinux.org/vuln/CVE-2025-4516

Url: http://www.openwall.com/lists/oss-security/2025/05/16/4

Url: http://www.openwall.com/lists/oss-security/2025/05/19/1

Url: https://github.com/python/cpython/issues/133767

Url: https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77

Url: https://github.com/python/cpython/pull/129648

Url: https://www.mend.io/vulnerability-database/CVE-2025-4516

Severity Score

5.1

Weakness Type (CWE)

Use After Free

CWE-416

Top Fix

Upgrade Version

Upgrade to version https://github.com/python/cpython.git - v3.9.23;https://github.com/python/cpython.git - v3.10.18;https://github.com/python/cpython.git - v3.11.13;https://github.com/python/cpython.git - v3.12.11;https://github.com/python/cpython.git - v3.13.4;https://github.com/python/cpython.git - v3.14.0b1

Learn More

CVSS v3.1

Base Score:	5.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-4516

Good to know:

Date: May 15, 2025

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?