Critical Remote Code Execution Vulnerability Reported in Python PLY Library
Take action: If you use Python PLY library, search and remove any use of the picklefile parameter - it's vulnerable with no fix available. Regenerate parser tables at startup instead and lock down write access to prevent attackers from planting malicious files.
Learn More
Security researcher reports a critical vulnerability in the Python PLY (Python Lex-Yacc) library which has an undocumented feature that allows attackers to run code on a target system.
The flaw is tracked as CVE-2025-56005 (CVSS score 9.8), it allows remote code execution through the undocumented picklefile parameter. When a developer uses the picklefile parameter within the ply.yacc.yacc() function, the library loads parser tables from a .pkl file. It uses the Python pickle.load() method to do this. Because the library does not validate the file, it is open to unsafe deserialization attacks.
Attackers can exploit this by:
- Placing a malicious
.pklfile in a shared directory. - Modifying cached parser tables on disk.
- Poisoning files within CI/CD pipelines.
The flaw affects version 3.11 distributed via PyPI.
The proof of concept shows how an attacker can craft a malicious pickle payload. By using the __reduce__ method, the payload runs system commands as soon as the library initializes the parser. The maintainer has not yet released a fix or acknowledged the undocumented behavior in the official repository.
Organizations should immediately audit their code for any use of the picklefile parameter. Developers should stop using this feature and instead regenerate parser tables at startup and restrict write access to any directories where the library might store or load files. Until a patch is available, treat all .pkl files as untrusted input.
