BIT-vault-2025-5999
Unsafe Deserialization vulnerability in vault (Go)
What is BIT-vault-2025-5999 About?
pandas through 1.0.3 can unserialize and execute commands from an untrusted file passed to `read_pickle()`. This is possible if `__reduce__` makes an `os.system` call, although this issue is disputed as `read_pickle()` is documented as unsafe. The impact is arbitrary command execution, but it relies heavily on user responsibility.
Affected Software
Technical Details
The vulnerability in pandas (through version 1.0.3) is related to unsafe deserialization when using the read_pickle() function. If an untrusted file containing a serialized object is passed to this function, and that object defines a __reduce__ method that makes an os.system call or other code execution primitives, pandas will unserialize the object and execute the embedded commands. This occurs because Python's pickle module, used by read_pickle(), is inherently insecure against maliciously constructed data. The issue is disputed because the read_pickle() function's documentation clearly states it is unsafe for untrusted input, placing responsibility on the user to ensure data integrity.
What is the Impact of BIT-vault-2025-5999?
Successful exploitation may allow attackers to execute arbitrary operating system commands on the system, gaining full control over the compromised environment, accessing sensitive data, installing malware, or altering system configurations.
What is the Exploitability of BIT-vault-2025-5999?
Exploitation of this unsafe deserialization vulnerability is of medium complexity. It requires an attacker to be able to supply a specially crafted, untrusted pickled file to the victim, who then must use the read_pickle() function to process it. This is typically a local attack or one that requires user interaction (e.g., convincing a user to open a malicious file). No specific authentication or privilege requirements are directly associated with the vulnerability itself; however, the ability to execute commands will depend on the permissions of the user running the pandas script. The primary prerequisites are the victim explicitly using read_pickle() on an untrusted file. The special condition is the presence of an os.system call (or similar code execution primitive) within the __reduce__ method of the pickled object. Risk factors that increase exploitation likelihood include applications that process pickled data from external sources without validation, and insufficient user awareness regarding the documented unsafety of read_pickle().
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for BIT-vault-2025-5999?
Available Upgrade Options
- github.com/hashicorp/vault
- >0.10.4, <1.20.0 → Upgrade to 1.20.0
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://osv.dev/vulnerability/GO-2025-3837
- https://nvd.nist.gov/vuln/detail/CVE-2025-5999
- https://osv.dev/vulnerability/GHSA-6h4p-m86h-hhgh
- https://github.com/hashicorp/vault
- https://github.com/advisories/GHSA-6h4p-m86h-hhgh
- https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032
- https://discuss.hashicorp.com/t/hcsec-2025-13-vault-root-namespace-operator-may-elevate-token-privileges/76032
What are Similar Vulnerabilities to BIT-vault-2025-5999?
Similar Vulnerabilities: CVE-2023-29462 , CVE-2023-45803 , CVE-2023-46747 , CVE-2023-46816 , CVE-2023-43646
