Arbitrary Code Execution (ACE)

🗓️ 04 Sep 2025 09:30:06Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 4 Views

future is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to the unintended automatic import of a file named test.py when the module is loaded, which allows an attacker with file write access to execute arbitrary code.

Reporter	Title	Published	Views	Family All 43
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future [CVE-2025-50817]	17 Dec 202514:25	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Python-Future 1.0.0 module affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	29 Dec 202507:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0.3	7 Oct 202516:08	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion	19 Dec 202520:44	–	ibm
Chainguard	CVE-2025-50817 vulnerabilities	7 Jan 202601:29	–	cgr
Circl	CVE-2025-50817	14 Aug 202519:23	–	circl
CNNVD	python-future 安全漏洞	14 Aug 202500:00	–	cnnvd
CVE	CVE-2025-50817	14 Aug 202500:00	–	cve
Cvelist	CVE-2025-50817	14 Aug 202500:00	–	cvelist
Debian CVE	CVE-2025-50817	14 Aug 202500:00	–	debiancve

Vulners

Node

future futureRange0.14.0–1.0.0python

Source	Link
medium	www.medium.com/@abcd_68700/cve-2025-50817-python-future-module-arbitrary-code-execution-via-unintended-import-of-test-py-f0818ea93cf4
github	www.github.com/PythonCharmers/python-future/blob/v1.0.0/src/future/standard_library/__init__.py
pypi	www.pypi.org/project/future/
github	www.github.com/PythonCharmers/python-future
gist	www.gist.github.com/fried/d2108a4932f3a22712dfc04598b5b8ce
github	www.github.com/advisories/GHSA-xqrq-4mgf-ff32

22 Jun 2026 14:06Current

7.4High risk

Vulners AI Score7.4

CVSS 3.15.4

EPSS0.00271

SSVC