UBUNTU-CVE-2025-50817

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2025-50817
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50817.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-50817
Upstream
  • CVE-2025-50817
Withdrawn
2025-10-21T05:23:00Z
Published
2025-08-14T17:15:00Z
Modified
2025-10-02T05:23:27Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory or in the sys.path. This behavior can be exploited by an attacker who has the ability to write files to the server, allowing the execution of arbitrary code. NOTE: Multiple third parties have disputed this issue and stated that it is not a security flaw in python-future and is a documented feature of Python’s import system in the handling of sys.path.

References

Affected packages

Ubuntu:Pro:16.04:LTS / python-future

Package

Name
python-future
Purl
pkg:deb/ubuntu/python-future@0.15.2-1ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.14.3-1
0.14.3-1build1
0.15.2-1
0.15.2-1ubuntu0.1~esm1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python-future",
            "binary_version": "0.15.2-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "python3-future",
            "binary_version": "0.15.2-1ubuntu0.1~esm1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50817.json"

Ubuntu:Pro:18.04:LTS / python-future

Package

Name
python-future
Purl
pkg:deb/ubuntu/python-future@0.15.2-4ubuntu2.1?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.15.2-4ubuntu1
0.15.2-4ubuntu2
0.15.2-4ubuntu2.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python-future",
            "binary_version": "0.15.2-4ubuntu2.1"
        },
        {
            "binary_name": "python3-future",
            "binary_version": "0.15.2-4ubuntu2.1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50817.json"

Ubuntu:Pro:20.04:LTS / python-future

Package

Name
python-future
Purl
pkg:deb/ubuntu/python-future@0.18.2-2ubuntu0.1?arch=source&distro=esm-infra/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.16.0-1
0.18.2-0ubuntu1
0.18.2-1
0.18.2-2
0.18.2-2ubuntu0.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python3-future",
            "binary_version": "0.18.2-2ubuntu0.1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50817.json"

Ubuntu:22.04:LTS / python-future

Package

Name
python-future
Purl
pkg:deb/ubuntu/python-future@0.18.2-5ubuntu0.1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.18.2-5
0.18.2-5ubuntu0.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python3-future",
            "binary_version": "0.18.2-5ubuntu0.1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50817.json"

Ubuntu:24.04:LTS / python-future

Package

Name
python-future
Purl
pkg:deb/ubuntu/python-future@0.18.2-6ubuntu2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.18.2-6ubuntu2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python3-future",
            "binary_version": "0.18.2-6ubuntu2"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50817.json"