AI description
CVE-2025-27607 is a vulnerability in the 'python-json-logger' library, a popular Python tool used for creating JSON logs. Between December 30, 2024 and March 4, 2025, the library was susceptible to remote code execution (RCE) due to a missing optional dependency, 'msgspec-python313-pre'. This dependency was not available on the Python Package Index (PyPI), allowing a malicious actor to upload a counterfeit package with the same name. If a user installed 'python-json-logger' with optional dependencies in a Python 3.13.x environment, the malicious package could be installed automatically, potentially giving the attacker RCE capabilities. The vulnerability has been addressed in version 3.3.0 of 'python-json-logger'. Users are urged to update to this or a later version to mitigate the risk.
- Description
- Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Weakness (source: security-advisories@github.com)
- CWE-829
- Hype score
- Not currently trending
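The advisory above describes a "phantom" optional dependency: a name declared in the package metadata that no longer existed on PyPI and could be claimed by a third party. The following added audit script (not part of the page or of the python-json-logger project) shows the two checks a defender would want: flagging python-json-logger below the fixed 3.3.0 release or any installed `msgspec-python313-pre`, and, more generally, listing declared `Requires-Dist` names that do not resolve against a known index snapshot. The `norm`, `audit` and `unresolvable` helpers and the sample data are constructed for this example.

```python
"""Audit for CVE-2025-27607 and for unresolvable ('phantom') dependencies.

Check 1: python-json-logger < 3.3.0, or msgspec-python313-pre present at all
         (the advisory names it as a dependency that no longer existed on PyPI).
Check 2: every project name a distribution declares in Requires-Dist must be
         known to an index snapshot; anything unknown is claimable by a stranger.
"""
import re
from importlib import metadata

FIXED = (3, 3, 0)                      # first fixed release per the advisory
PHANTOM = "msgspec-python313-pre"      # dependency name cited in the advisory


def norm(name: str) -> str:
    """PEP 503 normalisation: lowercase, runs of - _ . collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(v: str) -> tuple:
    """Numeric prefix of a version string, e.g. '3.2.1' -> (3, 2, 1)."""
    return tuple(int(x) for x in re.findall(r"\d+", v.split("+")[0])[:3])


def audit(installed: dict) -> list:
    """installed maps distribution name -> version; returns finding strings."""
    findings = []
    for name, version in installed.items():
        n = norm(name)
        if n == "python-json-logger" and parse_version(version) < FIXED:
            findings.append(f"python-json-logger {version} < 3.3.0 (CVE-2025-27607)")
        if n == PHANTOM:
            findings.append(f"{name} {version} installed: not a legitimate package")
    return findings


def unresolvable(requires_dist: list, index_names: set) -> list:
    """Declared project names (markers and extras stripped) unknown to the index."""
    known = {norm(n) for n in index_names}
    names = [norm(re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", r).group(1))
             for r in requires_dist]
    return [n for n in names if n not in known]


def audit_environment() -> list:
    """Run audit() over the distributions installed in this interpreter."""
    return audit({d.metadata["Name"]: d.version for d in metadata.distributions()})


if __name__ == "__main__":
    # Constructed sample data, not taken from a real environment.
    sample_env = {"python-json-logger": "3.2.1", "msgspec": "0.18.6"}
    sample_requires = ['msgspec; python_version < "3.13" and extra == "dev"',
                       'msgspec-python313-pre; python_version >= "3.13" and extra == "dev"']
    print(audit(sample_env))
    print(unresolvable(sample_requires, {"msgspec", "python-json-logger"}))
    print(audit_environment())
```

Run it inside a CI job or a virtual environment; `audit_environment()` needs no network access, and the index snapshot for `unresolvable` can be the list of names from a vetted internal mirror.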
#Python continues to dominate in #DevOps with #IA, reducing errors by 30% and speeding up deployments. But beware: libraries such as python-json-logger have had critical vulnerabilities (CVE-2025-27607) ⚠️ Update your dependencies and avoid installing optional packages without verifying them
@henryraul
12 Apr 2025
184 Impressions
6 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 RCE Vulnerability in python-json-logger CVE-2025-27607 A missing dependency msgspec-python313-pre left the door open for remote code execution via supply chain hijack. ⚠️ Versions 3.2.0–3.2.1 affected ✅ Patch released in 3.3.0 💥 43M downloads/month = HUGE blast radius https
@CareWeDoNot
7 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A serious vulnerability (CVE-2025-27607) has been discovered in versions 3.2.0 and 3.2.1 of the Python library "python-json-logger". The problem stems from a non-existent dependency, "msgspec-python313-pre", having been specified.
@yousukezan
7 Apr 2025
2189 Impressions
6 Retweets
20 Likes
7 Bookmarks
0 Replies
0 Quotes
CVE-2025-27607 Potential RCE via missing `msgspec-python313-pre` dependency https://t.co/uu7sgylmNI
@momika233
7 Apr 2025
4269 Impressions
16 Retweets
99 Likes
21 Bookmarks
0 Replies
0 Quotes
Vulnerability CVE-2025-27607 has been detected, affecting Python-Json-Logger v3.2.x on Python v3.13. The vulnerability represents a critical risk, since it allows remote code execution (RCE). https://t.co/ez7AkPCjZ9 #porUnEcuadorCiberseguro @Arcotel_ec @CsirtEPN
@EcuCERT_EC
25 Mar 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Do you smell that? 🍃🌷 It's a fresh recap in vsociety! Captain Nahuel gathered quite the bouquet of scripts, from removing a user from the sudo group to a detection/remediation combo for CVE-2025-27607, a malicious Python package. Catch all the latest in scripting land with…
@vicariusltd
17 Mar 2025
59 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Vulnerability found in Python-Json-Logger: CVE-2025-27607. For more info: https://t.co/ez7AkPBM9B #PorUnEcuadorCiberseguro @Arcotel_ec @CsirtCEDIA @CsirtEPN
@EcuCERT_EC
14 Mar 2025
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Attention users of the popular Python package python-json-logger! Versions 3.2.0 and 3.2.1 faced a supply chain attack from Dec 30, 2024, to March 4, 2025. According to CVE-2025-27607, a key dependency, msgspec-python313-pre, was removed from PyPI, leaving it vulnerable to a…
@JFrogSecurity
13 Mar 2025
265 Impressions
2 Retweets
6 Likes
1 Bookmark
1 Reply
0 Quotes
😈🎩 Villain of the Week 🎩😈 CVE-2025-27607 is causing mayhem in the Python JSON Logger package. This flaw allows attackers to execute arbitrary code on systems where the vulnerable package, msgspec-python313-pre, is installed as part of the development dependencies 📝… https:
@vicariusltd
13 Mar 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👀 VulnWatch Monday: CVE-2025-27607 🔓 A critical flaw has been found in Python JSON Logger, a widely used Python logging library w/ 46m+ monthly downloads ⚙️ The manipulation of a missing optional dependency leads to RCE 🔧 Fix: Update to Python JSON Logger v3.3.0 or later ht
@kpoireault
10 Mar 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27607 exposes Python’s JSON Logger to remote code execution. Patch to v3.3.0 recommended. https://t.co/OiWlQbapYO
@GrimmAnalyst
10 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-27607: Popular Python Logging Library Vulnerable to Remote Code Execution 🎯13M+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/pHrcexkjiB FOFA Query:app="Python" 🔖Refer:https://t.co/XC0ddaWCSq #OSINT #FOFA… https://t.c
@fofabot
10 Mar 2025
1431 Impressions
7 Retweets
16 Likes
6 Bookmarks
2 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-38063 2 - CVE-2025-21333 3 - CVE-2025-27607 4 - CVE-2025-0337 5 - CVE-2025-27840 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
10 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-27607 : Remote Code Execution Vulnerability in Python JSON Logger from NHairs 📊 12.5M+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/JsptGdnVqS 👇Query HUNTER : https://t.co/q9rtuGgxk7="Python" FOFA : product="Python"… ht
@HunterMapping
10 Mar 2025
5451 Impressions
29 Retweets
121 Likes
52 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Python JSON Logger Remote Code Execution Vulnerability 📅 Timeline: Disclosure: 2025-03-07, Patch: 2025-03-09 📌 Attribution: 🆔cveId: CVE-2025-27607 📊baseScore: 8.8 📏cvssMetrics: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvssSeverity: High 🟠 📈
@syedaquib77
10 Mar 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE Alert: Python Logging Library Remote Code Execution Vulnerability🚨 Vulnerability Details: CVE-2025-27607 (CVSS v3 8.8/10) Python Logging Library Remote Code Execution Vulnerability Impact A Successful exploit could allow attackers to execute arbitrary code on systems… ht
@CyberxtronTech
10 Mar 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Remote code execution vulnerability in a popular Python logging library: CVE-2025-27607 🔨ServiceNow addresses an authorization bypass vulnerability in the Now Platform: CVE-2025-0337 ~Weekend cybersecurity topics~ https://t.co/Mp0ZbgojR9 #セキュリティ #インテリジェンス #OSINT
@MachinaRecord
10 Mar 2025
98 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Popular Python Logging Library with - 43 million downloads monthly Vulnerable to Remote Code Execution [CVE-2025-27607]👾📝🔥 Credits- @omnigodzzz Do follow him!!! https://t.co/w4LUBtgv8Q
@harshleenchawl2
9 Mar 2025
4544 Impressions
16 Retweets
73 Likes
20 Bookmarks
0 Replies
0 Quotes
Popular Python logging library vulnerable to remote code execution ⚠️ CVE-2025-27607 https://t.co/qNfS4u9pzB… https://t.co/l4Yk56kDeT
@doncaptador
9 Mar 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Popular Python logging library vulnerable to remote code execution ⚠️ CVE-2025-27607 https://t.co/XXVyEcb1FK https://t.co/FzgwQbtaTr
@elhackernet
9 Mar 2025
6216 Impressions
26 Retweets
107 Likes
16 Bookmarks
1 Reply
1 Quote
Popular Python Logging Library Vulnerable to Remote Code Execution (CVE-2025-27607) https://t.co/32lznGVFXv
@antonio_taboada
9 Mar 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27607 (CVSS 8.8) The ‘python-json-logger’ package has over 43 million downloads per month, making this vulnerability a significant threat to a large number of users. https://t.co/JRDDtZGwA8 Sentinel KQL Detection: https://t.co/Ygk52hmBQY https://t.co/mSzeZsHnS4
@0x534c
9 Mar 2025
3224 Impressions
5 Retweets
50 Likes
26 Bookmarks
2 Replies
0 Quotes
A vulnerability leading to remote code execution in python-json-logger, a Python logging library. CVE-2025-27607 is that the library's optional dependency "msgspec-python313-pre" did not exist on PyPI. An attack was possible by registering a package of the same name. Already fixed. https://t.co/msFvLEKWkd
@__kokumoto
9 Mar 2025
1557 Impressions
3 Retweets
19 Likes
5 Bookmarks
0 Replies
0 Quotes
🚨 Critical #Python Vulnerability: #CVE-2025-27607 https://t.co/JUVvRC2Mw3 Educational Purposes!
@UndercodeUpdate
9 Mar 2025
54 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Popular Python Logging Library Vulnerable to Remote Code Execution (CVE-2025-27607) https://t.co/LrVctmNtea
@Dinosn
9 Mar 2025
15195 Impressions
62 Retweets
235 Likes
69 Bookmarks
3 Replies
4 Quotes
Popular #Python Logging Library Vulnerable to Remote Code Execution (CVE-2025-27607) Understand the implications of CVE-2025-27607. Attackers could exploit the python-json-logger vulnerability for remote code execution. https://t.co/ufDQvdjfPw
@the_yellow_fall
9 Mar 2025
1403 Impressions
6 Retweets
18 Likes
8 Bookmarks
1 Reply
0 Quotes
Python JSON Logger (CVE-2025-27607) was vulnerable to RCE from Dec 30, 2024 to Mar 4, 2025 due to a missing dependency. Fixed in v3.3.0. CVSS 8.8. Details: https://t.co/7Iw6YXCJKC
@OffSecGlobal
8 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-27607: HIGH] Python JSON Logger faced an RCE vulnerability due to a missing dependency from 30 December 2024 to 4 March 2025. The issue has been fixed in version 3.3.0, safeguarding users from potential...#cybersecurity,#vulnerability https://t.co/oArmTnXsCv https://t.c
@CveFindCom
7 Mar 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes