2388642 – (CVE-2025-50817) CVE-2025-50817 pypi-future: Python future unintended import

Bug 2388642 (CVE-2025-50817) - CVE-2025-50817 pypi-future: Python future unintended import

Summary: CVE-2025-50817 pypi-future: Python future unintended import

Keywords:
Status:	NEW
Alias:	CVE-2025-50817
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-08-14 18:01 UTC by OSIDB Bzimport
Modified:	2025-11-20 16:12 UTC (History)
CC List:	49 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-08-14 18:01:45 UTC

A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory or in the sys.path. This behavior can be exploited by an attacker who has the ability to write files to the server, allowing the execution of arbitrary code.

Note You need to log in before you can comment on or make changes to this bug.

adudiak
bdettelb
carogers
caswilli
dhanak
doconnor
drosa
dsimansk
eglynn
erezende
haoli
hkataria
jajackso
jcammara
jjoyce
jmitchel
jneedle
jschluet
jwendell
kaycoth
kegrant
kingland
koliveir
kshier
kverlaen
lhh
ljawale
lsvaty
luizcosta
mabashia
matzew
mburns
mgarciac
mnovotny
nweather
omaciel
pbraun
pgrist
rbobbitt
rcernich
sausingh
shvarugh
simaishi
smcdonal
stcannon
teagle
tfister
thavo
yguenane