CVE-2025-27607

Published Mar 7, 2025

Last updated 3 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-27607 is a vulnerability in the 'python-json-logger' library, a widely used Python formatter for emitting logs as JSON. Between December 30, 2024 and March 4, 2025, the library was exposed to remote code execution (RCE) through a missing optional dependency, 'msgspec-python313-pre'. That package was not registered on the Python Package Index (PyPI), so a malicious actor could upload a counterfeit package under the same name. A user who installed 'python-json-logger' with its optional (development) dependencies on Python 3.13.x would then have pulled in the counterfeit package automatically, potentially giving the attacker code execution on that system. The vulnerability is addressed in version 3.3.0 of 'python-json-logger'; users should update to that version or later to mitigate the risk.

Description
Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025, Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by its owner, leaving the name open to being claimed by a third party. If the package was claimed, it would allow the claimant RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved in 3.3.0.
Source: security-advisories@github.com
NVD status: Received
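A defender-side check that follows from the description above, added here as an example and not taken from the advisory or from the python-json-logger project: it walks a project's optional-dependency groups and flags any requirement whose project name is absent from the package index, the condition that left msgspec-python313-pre claimable. INDEX_SNAPSHOT and OPTIONAL_DEPS are constructed stand-ins; a live audit would replace the snapshot with a lookup against https://pypi.org/simple/ for each name.

```python
import re

# Constructed stand-in for a live index lookup: project names that exist on
# the index at audit time (a real audit queries https://pypi.org/simple/<name>/).
INDEX_SNAPSHOT = {"msgspec", "pytest", "mypy", "ruff"}

# Constructed optional-dependency groups shaped like the advisory's case:
# a Python 3.13-only extra that points at a name no longer on the index.
OPTIONAL_DEPS = {
    "dev": [
        "pytest>=8",
        "mypy",
        'msgspec; python_version < "3.13"',
        'msgspec-python313-pre; python_version >= "3.13"',
    ],
}

# Project name at the start of a PEP 508 requirement string.
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)")

def normalize(name):
    """PEP 503 normalisation: runs of '-', '_' and '.' become '-', lower-cased."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(req):
    """Normalised project name of one requirement string."""
    m = _NAME_RE.match(req)
    if not m:
        raise ValueError(f"cannot parse requirement: {req!r}")
    return normalize(m.group(1))

def marker(req):
    """Environment marker after ';', or '' when the requirement has none."""
    _, sep, mark = req.partition(";")
    return mark.strip() if sep else ""

def dangling_extras(optional_deps, index_names):
    """(extra, name, marker) for each requirement whose project name is not
    registered on the index: such a name is claimable by anyone."""
    known = {normalize(n) for n in index_names}
    findings = []
    for extra, reqs in optional_deps.items():
        for req in reqs:
            name = requirement_name(req)
            if name not in known:
                findings.append((extra, name, marker(req)))
    return findings
```

Calling dangling_extras(OPTIONAL_DEPS, INDEX_SNAPSHOT) returns a single finding for msgspec-python313-pre together with its python_version marker, so the report shows which interpreter versions would actually install the claimable name.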

Risk scores

CVSS 3.1
Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

CWE-829: Inclusion of Functionality from Untrusted Control Sphere (source: security-advisories@github.com)

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

11

  1. Top 5 Trending CVEs: 1 - CVE-2024-38063 2 - CVE-2025-21333 3 - CVE-2025-27607 4 - CVE-2025-0337 5 - CVE-2025-27840 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
     @CVEShield, 10 Mar 2025. 22 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  2. 🚨Alert🚨 CVE-2025-27607 : Remote Code Execution Vulnerability in Python JSON Logger from NHairs 📊 12.5M+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/JsptGdnVqS 👇Query HUNTER : https://t.co/q9rtuGgxk7="Python" FOFA : product="Python"… ht
     @HunterMapping, 10 Mar 2025. 290 impressions, 2 retweets, 6 likes, 3 bookmarks, 0 replies, 0 quotes.

  3. ⚠️ Vulnerability Alert: Python JSON Logger Remote Code Execution Vulnerability 📅 Timeline: Disclosure: 2025-03-07, Patch: 2025-03-09 📌 Attribution: 🆔cveId: CVE-2025-27607 📊baseScore: 8.8 📏cvssMetrics: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvssSeverity: High 🟠 📈
     @syedaquib77, 10 Mar 2025. 11 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  4. 🚨CVE Alert: Python Logging Library Remote Code Execution Vulnerability🚨 Vulnerability Details: CVE-2025-27607 (CVSS v3 8.8/10) Python Logging Library Remote Code Execution Vulnerability Impact: A successful exploit could allow attackers to execute arbitrary code on systems… ht
     @CyberxtronTech, 10 Mar 2025. 24 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  5. 🚨Remote code execution vulnerability in a popular Python logging library: CVE-2025-27607 🔨ServiceNow addresses an authorization bypass vulnerability in the Now Platform: CVE-2025-0337 ~Cybersecurity topics of the weekend~ https://t.co/Mp0ZbgojR9 #セキュリティ #インテリジェンス #OSINT
     @MachinaRecord, 10 Mar 2025. 98 impressions, 0 retweets, 2 likes, 0 bookmarks, 0 replies, 0 quotes.

  6. Popular Python Logging Library with 43 million downloads monthly Vulnerable to Remote Code Execution [CVE-2025-27607]👾📝🔥 Credits: @omnigodzzz Do follow him!!! https://t.co/w4LUBtgv8Q
     @harshleenchawl2, 9 Mar 2025. 1280 impressions, 7 retweets, 33 likes, 7 bookmarks, 0 replies, 0 quotes.

  7. Popular Python logging library vulnerable to remote code execution ⚠️ CVE-2025-27607 https://t.co/qNfS4u9pzB… https://t.co/l4Yk56kDeT
     @doncaptador, 9 Mar 2025. 43 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  8. Popular Python logging library vulnerable to remote code execution ⚠️ CVE-2025-27607 https://t.co/XXVyEcb1FK https://t.co/FzgwQbtaTr
     @elhackernet, 9 Mar 2025. 5408 impressions, 22 retweets, 95 likes, 13 bookmarks, 1 reply, 1 quote.

  9. Popular Python Logging Library Vulnerable to Remote Code Execution (CVE-2025-27607) https://t.co/32lznGVFXv
     @antonio_taboada, 9 Mar 2025. 20 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  10. CVE-2025-27607 (CVSS 8.8) The 'python-json-logger' package has over 43 million downloads per month, making this vulnerability a significant threat to a large number of users. https://t.co/JRDDtZGwA8 Sentinel KQL Detection: https://t.co/Ygk52hmBQY https://t.co/mSzeZsHnS4
     @0x534c, 9 Mar 2025. 2773 impressions, 3 retweets, 40 likes, 24 bookmarks, 1 reply, 0 quotes.

  11. A vulnerability in the Python logging library python-json-logger leads to remote code execution. CVE-2025-27607: the library's optional dependency "msgspec-python313-pre" did not exist on PyPI, so an attack was possible by registering a package of the same name. Already fixed. https://t.co/msFvLEKWkd
     @__kokumoto, 9 Mar 2025. 1507 impressions, 3 retweets, 17 likes, 4 bookmarks, 0 replies, 0 quotes.

  12. 🚨 Critical #Python Vulnerability: #CVE-2025-27607 https://t.co/JUVvRC2Mw3 Educational Purposes!
     @UndercodeUpdate, 9 Mar 2025. 50 impressions, 0 retweets, 1 like, 0 bookmarks, 0 replies, 0 quotes.

  13. Popular Python Logging Library Vulnerable to Remote Code Execution (CVE-2025-27607) https://t.co/LrVctmNtea
     @Dinosn, 9 Mar 2025. 14533 impressions, 59 retweets, 224 likes, 66 bookmarks, 3 replies, 4 quotes.

  14. Popular #Python Logging Library Vulnerable to Remote Code Execution (CVE-2025-27607) Understand the implications of CVE-2025-27607. Attackers could exploit the python-json-logger vulnerability for remote code execution. https://t.co/ufDQvdjfPw
     @the_yellow_fall, 9 Mar 2025. 1403 impressions, 6 retweets, 18 likes, 8 bookmarks, 1 reply, 0 quotes.

  15. Python JSON Logger (CVE-2025-27607) was vulnerable to RCE from Dec 30, 2024 to Mar 4, 2025 due to a missing dependency. Fixed in v3.3.0. CVSS 8.8. Details: https://t.co/7Iw6YXCJKC
     @OffSecGlobal, 8 Mar 2025. 16 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  16. [CVE-2025-27607: HIGH] Python JSON Logger faced an RCE vulnerability due to a missing dependency from 30 December 2024 to 4 March 2025. The issue has been fixed in version 3.3.0, safeguarding users from potential...#cybersecurity,#vulnerability https://t.co/oArmTnXsCv https://t.c
     @CveFindCom, 7 Mar 2025. 30 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.