MAL-2025-47458

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/veilcord-tls/MAL-2025-47458.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-47458
Published
2025-09-17T04:05:07Z
Modified
2025-09-17T04:05:07Z
Summary
Malicious code in veilcord-tls (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: oracle-using-macaron (aed8328880d0c346cc1c0c9d51602617be4ea88a7a23878b68164484949555b2)

This package decodes a payload and executes it whenever it is imported. It seems to be targeting veilcord package users. Its contents are almost identical to veilcord, except for the addition of the malicious payload.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.0.7.5",
                "0.0.7.6"
            ],
            "source": "oracle-using-macaron",
            "sha256": "aed8328880d0c346cc1c0c9d51602617be4ea88a7a23878b68164484949555b2",
            "import_time": "2025-09-17T04:05:07Z",
            "modified_time": "2025-09-17T04:05:07Z"
        }
    ]
}

Affected packages

PyPI / veilcord-tls

Affected versions

0.*

0.0.7.5
0.0.7.6