CVE-2025-12781 · threatengine.sh

Home/CVE/When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the

CVE

CVE-2025-12781

When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the

When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues.

This behavior can only be insecure if your application uses an alternate base64 alphabet (without "+/"). If your application does not use the "altchars" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs.

Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted "+" or "/" outside of altchars.

MEDIUM · CVSS 5.3 EPSS 0.00047

Schedule remediation

Public exploit or PoC is available

Sigma rules8 YARA rules0

⬡

Weakness Classification

CWE-704Incorrect Type Conversion or Cast

▤

Affected Products & Versions

3

python< 3.13.10
python>= 3.14.0 and < 3.14.1
pythonall versions

⚠

Public Exploits & PoCs

1

pocgithub.com · 125346github.com

◈

Sigma Hunt Rules

8

Exact rules name this CVE ID. Product rules name an affected product in their title. Related rules cover techniques used by actors who exploited this CVE. Showing the most relevant matches; the complete related set is on the full drill-down.

producthighPython Reverse Shell Execution Via PTY And Socket Modules

producthighInline Python Execution - Spawn Shell Via OS System Library

producthighPython One-Liners with Base64 Decoding - Linux

producthighPython Function Execution Security Warning Disabled In Excel

producthighPython One-Liners with Base64 Decoding

producthighPython Spawning Pretty TTY on Windows

Show all 8 top matches

producthighCredential Dumping Activity By Python Based Tool

producthighPython Function Execution Security Warning Disabled In Excel - Registry

See all related Sigma rules for this CVE

▣

Scoring & Timeline

5.3

MEDIUM · CVSS v3.1 · cna@python.org

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD21 Jan 2026 · 08:16 PM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

SSVC triage · cisa-vulnrichment

Exploitation

none

Automatable

no

Technical impact

partial

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

⚑

Vendor Advisories

9

rhsaRHSA-2026:7443Moderate
suse-csafSUSE-SU-2026:20665-1
suse-csafSUSE-SU-2026:20710-1
suse-csafSUSE-SU-2026:0767-1
suse-csafSUSE-SU-2026:0693-1
Show all 9 vendor advisoriessuse-csafopenSUSE-SU-2026:10221-1
suse-csafopenSUSE-SU-2026:10222-1
suse-csafopenSUSE-SU-2026:10206-1
suse-csafopenSUSE-SU-2026:10152-1

🔗

References & Sources

7

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://github.com/python/cpython/commit/13360efd385d1a7d0659beba03787ea3d063ef9bPatch

https://github.com/python/cpython/commit/1be80bec7960f5ccd059e75f3dfbd45fca302947Patch

https://github.com/python/cpython/commit/9060b4abbe475591b6230b23c2afefeff26fcca5Patch

https://github.com/python/cpython/commit/e95e783dff443b68e8179fdb57737025bf02ba76Patch

https://github.com/python/cpython/commit/fd17ee026fa9b67f6288cbafe374a3e479fe03a5Patch

https://github.com/python/cpython/pull/141128Issue TrackingPatch

Show all 7 references

https://mail.python.org/archives/list/security-announce@python.org/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/Mailing ListVendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin