Home > Vulnerability Database > CVE-2025-50817

Mend.io Vulnerability Database

CVE-2025-50817

Date: August 13, 2025

A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory or in the sys.path. This behavior can be exploited by an attacker who has the ability to write files to the server, allowing the execution of arbitrary code.

Severity Score

5.4

Related Resources (8)

Url: https://github.com/PythonCharmers/python-future

Url: https://pypi.org/project/future

Url: https://medium.com/@abcd_68700/cve-2025-50817-python-future-module-arbitrary-code-execution-via-unintended-import-of-test-py-f0818ea93cf4

Url: https://github.com/PythonCharmers/python-future/blob/v1.0.0/src/future/standard_library/__init__.py#L491

Url: https://gist.github.com/fried/d2108a4932f3a22712dfc04598b5b8ce

Url: https://pypi.org/project/future/

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-50817

Url: https://www.mend.io/vulnerability-database/CVE-2025-50817

Severity Score

5.4

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-50817

Date: August 13, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?