| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.7 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, was found in lmfit asteval up to 1.0.5. The affected element is the function str. Such manipulation leads to a format string vulnerability.
This vulnerability is listed as CVE-2025-24359. The attack must be carried out locally. There is no available exploit.
You should upgrade the affected component.
Details
A vulnerability was found in lmfit asteval up to 1.0.5 and classified as critical. Affected by this issue is the function str. Manipulation with an unknown input leads to a format string vulnerability. The problem is classified as CWE-134: the product uses a function that accepts a format string as an argument, but the format string originates from an external source. Impacted are confidentiality, integrity, and availability. CVE summarizes:
ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is rooted in how `asteval` performs handling of `FormattedValue` AST nodes. In particular, the `on_formattedvalue` value uses the dangerous format method of the str class. The code allows an attacker to manipulate the value of the string used in the dangerous call `fmt.format(__fstring__=val)`. This vulnerability can be exploited to access protected attributes by intentionally triggering an `AttributeError` exception. The attacker can then catch the exception and use its `obj` attribute to gain arbitrary access to sensitive or protected object properties. Version 1.0.6 fixes this issue.
The advisory is shared for download at github.com. This vulnerability is handled as CVE-2025-24359 since 01/20/2025. The exploitation is known to be easy. The attack needs to be approached locally. There are known technical details, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 241666 (Fedora 43 : python-asteval (2025-99d252d8fc)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 1.0.6 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (241666). VulDB is the best source for vulnerability data and more expert information about this specific topic.
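The advisory above describes an evaluator splicing a run-time format spec into a str.format() call. The following added example (written for this page, not code from asteval or its 1.0.6 patch) contrasts that pattern with a hardened rendering of a FormattedValue node and adds a static screen for f-strings whose spec is computed at run time; all function names are assumptions.

```python
import ast


def apply_spec_unsafe(val, spec):
    """The pattern the advisory describes: a run-time format spec is spliced
    into a format *string* and handed to str.format(), so any braces inside
    `spec` are parsed as replacement fields on the way through."""
    fmt = f'{{__fstring__:{spec}}}'
    return fmt.format(__fstring__=val)


def is_safe_spec(spec):
    """A format spec should never contain replacement-field syntax."""
    return isinstance(spec, str) and '{' not in spec and '}' not in spec


def render_formatted_value(val, conversion=-1, spec=''):
    """Hardened rendering of one FormattedValue node (assumed design, not the
    asteval 1.0.6 patch). `conversion` uses the ast encoding: -1 none,
    115 (!s), 114 (!r), 97 (!a). The spec goes to built-in format(), which
    treats it purely as a format specification, never as a format string."""
    if conversion == ord('s'):
        val = str(val)
    elif conversion == ord('r'):
        val = repr(val)
    elif conversion == ord('a'):
        val = ascii(val)
    if not is_safe_spec(spec):
        raise ValueError(f'rejected format spec: {spec!r}')
    return format(val, spec)


def has_dynamic_format_spec(src):
    """Static screen for expression source before it reaches an evaluator:
    True if any f-string field has a format spec that is itself computed at
    run time (a nested FormattedValue), which is the only way a literal
    f-string can end up with braces inside its spec."""
    tree = ast.parse(src, mode='eval')
    for node in ast.walk(tree):
        if isinstance(node, ast.FormattedValue) and node.format_spec is not None:
            if any(isinstance(n, ast.FormattedValue)
                   for n in ast.walk(node.format_spec)):
                return True
    return False


if __name__ == '__main__':
    # Constructed inputs: a benign spec and one carrying replacement-field syntax.
    print(apply_spec_unsafe(42, '>5'))             # '   42'
    print(apply_spec_unsafe(42, '}{__fstring__'))  # '4242': braces were parsed as fields
    print(render_formatted_value(42, spec='>5'))   # '   42'
    print(has_dynamic_format_spec('f"{x:{w}}"'))   # True
```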
Product
Vendor: lmfit
Name: asteval
Version: up to 1.0.5
Website: https://github.com/lmfit/asteval/
CVSSv3
VulDB Meta Base Score: 6.8
VulDB Meta Temp Score: 6.7
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
CNA Base Score: 8.4
Exploiting
Class: Format string
CWE: CWE-134 / CWE-119
Physical: Partially
Local: Yes
Remote: No
Status: Not defined
Nessus ID: 241666
Nessus Name: Fedora 43 : python-asteval (2025-99d252d8fc)
Countermeasures
Recommended: Upgrade
Upgrade: asteval 1.0.6
Sources
Product: github.com
Advisory: GHSA-3wwr-3g9f-9gc7
Status: Confirmed
CVE: CVE-2025-24359
GCVE (CVE): GCVE-0-2025-24359
GCVE (VulDB): GCVE-100-293288
Entry
Created: 01/24/2025 18:46
Updated: 07/10/2025 09:14
Changes: 01/24/2025 18:46 (65), 07/10/2025 09:14 (2)