Description

Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0.

INFO

Published Date :

2025-03-07T16:18:13.789Z

Last Modified :

2025-03-07T17:50:28.395Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-27607 vulnerability.

Vendors Products
Nhairs
  • Python Json Logger
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-27607.

URL Resource
https://github.com/nhairs/python-json-logger/commit/2548e3a2e3cedf6bef3ee7c60c55b7c02d1af11a cve-icon cve-icon cve-icon
https://github.com/nhairs/python-json-logger/commit/e7761e56edb980cfab0165e32469d5fd017a5d72 cve-icon cve-icon cve-icon
https://github.com/nhairs/python-json-logger/security/advisories/GHSA-wmxh-pxcx-9w24 cve-icon cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-27607 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-27607 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact