USN-8225-1
- Source
- https://ubuntu.com/security/notices/USN-8225-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8225-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-8225-1
- Upstream
- Related
- Published
- 2026-04-30T02:19:38Z
- Modified
- 2026-04-30T10:00:02.634492536Z
- Summary
- python-marshmallow vulnerabilities
- Details
-
Jared Deckard discovered that Python marshmallow did not correctly handle hiding certain fields. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-17175)
It was discovered that Python marshmallow did not efficiently handle merging certain objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2025-68480)
- References
Affected packages
Ubuntu:Pro:18.04:LTS / python-marshmallow
Package
- Name
- python-marshmallow
- Purl
- pkg:deb/ubuntu/python-marshmallow@3.0.0b3-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.0b3-1ubuntu0.1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.0.0b3-1ubuntu0.1~esm1",
"binary_name": "python3-marshmallow"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"cves": [
{
"id": "CVE-2018-17175",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8225-1.json"
Ubuntu:Pro:20.04:LTS / python-marshmallow
Package
- Name
- python-marshmallow
- Purl
- pkg:deb/ubuntu/python-marshmallow@3.4.0-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.4.0-1ubuntu0.1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.4.0-1ubuntu0.1~esm1",
"binary_name": "python3-marshmallow"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"cves": [
{
"id": "CVE-2025-68480",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8225-1.json"
Ubuntu:Pro:22.04:LTS / python-marshmallow
Package
- Name
- python-marshmallow
- Purl
- pkg:deb/ubuntu/python-marshmallow@3.13.0-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.13.0-1ubuntu0.1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.13.0-1ubuntu0.1~esm1",
"binary_name": "python3-marshmallow"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-68480"
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8225-1.json"
Ubuntu:Pro:24.04:LTS / python-marshmallow
Package
- Name
- python-marshmallow
- Purl
- pkg:deb/ubuntu/python-marshmallow@3.20.1-1.1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.20.1-1.1ubuntu0.1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.20.1-1.1ubuntu0.1~esm1",
"binary_name": "python3-marshmallow"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-68480"
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8225-1.json"
Ubuntu:Pro:26.04:LTS / python-marshmallow
Package
- Name
- python-marshmallow
- Purl
- pkg:deb/ubuntu/python-marshmallow@3.26.1-0.4ubuntu0.1~esm1?arch=source&distro=esm-apps/resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.26.1-0.4ubuntu0.1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.26.1-0.4ubuntu0.1~esm1",
"binary_name": "python3-marshmallow"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:26.04:LTS",
"cves": [
{
"id": "CVE-2025-68480",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8225-1.json"