CVE-2025-4516

There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
PSFCNA
---
---
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python2.7
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
python3.10
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
Fixed 3.10.12-1~22.04.10
released
focal
dne
python3.11
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
Fixed 3.11.0~rc1-1~22.04.1~esm4
released
focal
dne
python3.12
questing
dne
plucky
dne
oracular
Fixed 3.12.7-1ubuntu2.1
released
noble
Fixed 3.12.3-1ubuntu0.6
released
jammy
dne
focal
dne
python3.13
questing
not-affected
plucky
Fixed 3.13.3-1ubuntu0.1
released
oracular
ignored
noble
dne
jammy
dne
focal
dne
python3.14
questing
Fixed 3.14.0-1
released
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
python3.4
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
trusty
not-affected
python3.5
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
xenial
not-affected
trusty
not-affected
python3.6
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
Fixed 3.6.9-1~18.04ubuntu1.13+esm5
released
python3.7
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
Fixed 3.7.5-2ubuntu1~18.04.2+esm6
released
python3.8
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
Fixed 3.8.10-0ubuntu1~20.04.18+esm1
released
bionic
Fixed 3.8.0-3ubuntu1~18.04.2+esm5
released
python3.9
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
Fixed 3.9.5-3ubuntu0~20.04.1+esm5
released
Common Weakness Enumeration
References
https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292
https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d
https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142
https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f
https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77
https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e
https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b
https://github.com/python/cpython/issues/133767
https://github.com/python/cpython/pull/129648
https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/
http://www.openwall.com/lists/oss-security/2025/05/16/4
http://www.openwall.com/lists/oss-security/2025/05/19/1