CVE-2025-4516

EUVD-2025-15156
There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
PSFCNA
5.9 MEDIUM
LOCAL
HIGH
NONE
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
pythoncpython
𝑥
< 3.9.23
CNA
pythoncpython
3.10.0 ≤
𝑥
< 3.10.18
CNA
pythoncpython
3.11.0 ≤
𝑥
< 3.11.13
CNA
pythoncpython
3.12.0 ≤
𝑥
< 3.12.11
CNA
pythoncpython
3.13.0 ≤
𝑥
< 3.13.4
CNA
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python2.7
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
not-affected
xenial
not-affected
python3.10
focal
dne
jammy
Fixed 3.10.12-1~22.04.10
released
noble
dne
oracular
dne
plucky
dne
questing
dne
python3.11
focal
dne
jammy
Fixed 3.11.0~rc1-1~22.04.1~esm4
released
noble
dne
oracular
dne
plucky
dne
questing
dne
python3.12
focal
dne
jammy
dne
noble
Fixed 3.12.3-1ubuntu0.6
released
oracular
Fixed 3.12.7-1ubuntu2.1
released
plucky
dne
questing
dne
python3.13
focal
dne
jammy
dne
noble
dne
oracular
ignored
plucky
Fixed 3.13.3-1ubuntu0.1
released
questing
not-affected
python3.14
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
Fixed 3.14.0-1
released
python3.4
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
not-affected
python3.5
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
not-affected
xenial
not-affected
python3.6
bionic
Fixed 3.6.9-1~18.04ubuntu1.13+esm5
released
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
python3.7
bionic
Fixed 3.7.5-2ubuntu1~18.04.2+esm6
released
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
python3.8
bionic
Fixed 3.8.0-3ubuntu1~18.04.2+esm5
released
focal
Fixed 3.8.10-0ubuntu1~20.04.18+esm1
released
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
python3.9
focal
Fixed 3.9.5-3ubuntu0~20.04.1+esm5
released
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
Common Weakness Enumeration
References
https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292
https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d
https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142
https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f
https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77
https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e
https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b
https://github.com/python/cpython/issues/133767
https://github.com/python/cpython/pull/129648
https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/
http://www.openwall.com/lists/oss-security/2025/05/16/4
http://www.openwall.com/lists/oss-security/2025/05/19/1