A critical vulnerability has been unearthed in PLY (Python Lex-Yacc), a legendary parsing library that has served the Python community for a quarter of a century. Just as the project's maintainer announced its abandonment, security researcher Bohmiiidd discovered a hidden, undocumented feature that leaves applications wide open to Remote Code Execution (RCE).
The vulnerability, tracked as CVE-2025-56005, carries a maximum-severity CVSS score of 9.8. It stems from a “ghost” parameter that exists in the code but nowhere in the official documentation.
PLY is a zero-dependency implementation of the traditional parsing tools lex and yacc, widely used for parsing complex languages. While the library is compatible with modern Python, its age has caught up with it in a devastating way.
The issue lies in the yacc() function. Researchers found an undocumented parameter named picklefile.
“This parameter is not documented in the official PLY documentation or GitHub repository, yet it is active in the PyPI release,” the report notes.
The picklefile parameter was likely intended for caching or state saving, but its implementation is fundamentally unsafe. When invoked, it forces PLY to deserialize a file using Python's standard pickle.load() method without any validation.
In the Python world, pickle is notoriously dangerous when accepting untrusted data. The report explains the mechanism clearly: “Because Python’s pickle module supports execution of arbitrary code during deserialization (e.g., via __reduce__()), an attacker who can control the supplied pickle file can execute arbitrary code during parser initialization”.
Bohmiiidd provided a Proof of Concept (PoC) demonstrating how a simple, malicious pickle payload could be used to execute system commands, such as creating files or potentially taking over the host server, the moment yacc() is called.
The project's creator, David Beazley, recently announced that after 25 years, he has “decided to abandon the PLY project”.
With “no further maintenance expected,” there is no official patch coming down the pipeline. Beazley's advice to the community was blunt: “At this point, there are many high-quality parsing libraries that you might consider using instead”.
For developers still relying on this legacy code, the mitigation is straightforward but critical: Do not use the picklefile parameter.
Since the feature is undocumented, few developers likely use it intentionally. However, security teams should audit their codebases to ensure that user input cannot influence the arguments passed to the yacc() function, preventing attackers from injecting this lethal argument.
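A way to carry out that audit and enforce the mitigation, as an added example that is not part of the original report or of PLY itself: a standard-library AST scan that flags yacc() calls passing picklefile= explicitly or unpacking a dict into the call (where user-influenced arguments could smuggle it in), plus a wrapper that rejects the keyword at runtime. The sample source below is constructed; load_user_options() and the file names are placeholders.

```python
"""Audit helpers for the undocumented PLY yacc(picklefile=...) parameter
(CVE-2025-56005). Added example; uses only the standard library."""
import ast


def find_risky_yacc_calls(source: str, filename: str = "<string>") -> list[dict]:
    """Return a finding per yacc() call that either names picklefile= directly
    or unpacks **kwargs into the call, which could carry picklefile at runtime."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        fn = node.func
        # Match both bare yacc(...) and qualified yacc.yacc(...)
        name = fn.id if isinstance(fn, ast.Name) else getattr(fn, "attr", None)
        if name != "yacc":
            continue
        for kw in node.keywords:
            if kw.arg == "picklefile":
                findings.append({"line": node.lineno, "reason": "explicit picklefile= argument"})
            elif kw.arg is None:  # a **mapping was unpacked into the call
                findings.append({"line": node.lineno, "reason": "**kwargs unpacking may inject picklefile"})
    return sorted(findings, key=lambda f: f["line"])


def guard_yacc(yacc_func):
    """Wrap a yacc() callable so the picklefile keyword can never reach it,
    regardless of where the keyword arguments came from."""
    def wrapped(*args, **kwargs):
        if "picklefile" in kwargs:
            raise ValueError("refusing yacc(picklefile=...): it triggers an unvalidated pickle.load")
        return yacc_func(*args, **kwargs)
    return wrapped


# Constructed sample source to scan (not real project code).
SAMPLE_SOURCE = '''
import ply.yacc as yacc
parser_a = yacc.yacc()                       # fine
parser_b = yacc.yacc(picklefile="tab.pkl")   # explicit use of the ghost parameter
opts = load_user_options()                   # hypothetical, possibly user-influenced
parser_c = yacc.yacc(**opts)                 # picklefile could arrive via the dict
'''

if __name__ == "__main__":
    for finding in find_risky_yacc_calls(SAMPLE_SOURCE):
        print(f"line {finding['line']}: {finding['reason']}")
```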