A critical vulnerability has been discovered in python-json-logger, a popular package for the object-oriented programming language Python, and has been assigned the identifier CVE-2025-27607. Alexander Kabanov, an expert on computer security at Gazinformservice, claims that this problem affects millions of users. Today, the Python development environment is deployed on more than 43 million PCs worldwide.
The issue reportedly arose after the msgspec-python313-pre dependency was removed from PyPI (the Python Package Index), the repository that contains thousands of third-party Python modules. The attackers added a malicious package of the same name to the repository, giving them the ability to remotely execute arbitrary code on vulnerable systems. This can lead to data compromise, information theft, and complete control over the infected PC.
“The ability to remotely access the system and execute arbitrary code due to a missing dependency shows how important it is to analyze the code and dependencies during each build, as well as promptly update the software,” Kabanov noted.
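One way to run the kind of per-build dependency check Kabanov describes, as an added example that is not part of the original article or of the python-json-logger project: it reads the `Requires-Dist` entries a package declares and reports every name that is not on a reviewed allowlist, including entries that only install under certain extras or Python versions. The function names, the `VETTED` allowlist and the sample metadata (including its markers) are constructed for illustration.

```python
import re
from email import message_from_string
from importlib import metadata

# Constructed sample of a package's core metadata (METADATA / PKG-INFO format).
SAMPLE_METADATA = """\
Metadata-Version: 2.1
Name: example-logger
Version: 0.0.0
Requires-Dist: typing_extensions; python_version < "3.10"
Requires-Dist: Orjson>=3.9; extra == "dev"
Requires-Dist: msgspec-python313-pre; python_version == "3.13" and extra == "dev"
"""

# Hypothetical allowlist: names your team has reviewed and pinned in a lockfile.
VETTED = {"typing-extensions", "orjson"}

def normalize(name):
    """PEP 503 normalization so 'Typing_Extensions' equals 'typing-extensions'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requires_from_metadata(text):
    """Return the raw Requires-Dist entries from core metadata text."""
    return message_from_string(text).get_all("Requires-Dist") or []

def unvetted(requirements, vetted):
    """Return (name, marker) for each declared dependency not on the allowlist.
    Marker-gated entries are included: they install only on some builds and
    are easy to miss in review."""
    allowed = {normalize(n) for n in vetted}
    findings = []
    for req in requirements:
        spec, _, marker = req.partition(";")
        match = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", spec)
        if match and normalize(match.group(1)) not in allowed:
            findings.append((normalize(match.group(1)), marker.strip()))
    return findings

def audit_installed(vetted):
    """Apply the same check to every distribution in the current environment."""
    report = {}
    for dist in metadata.distributions():
        found = unvetted(dist.requires or [], vetted)
        if found:
            report[dist.metadata.get("Name", "unknown")] = found
    return report

if __name__ == "__main__":
    for name, marker in unvetted(requires_from_metadata(SAMPLE_METADATA), VETTED):
        print(f"unvetted dependency: {name} (condition: {marker or 'always'})")
```

Run `audit_installed(VETTED)` in a build job and fail the build when the report is non-empty; each flagged name then needs a manual check that it still exists on the index under the expected owner before it is added to the allowlist.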
Wikipedia defines Python as “a multi-paradigm, high-level, general-purpose programming language with dynamic strong typing and automatic memory management, focused on improving developer productivity, code readability, code quality, and portability.”
In 2024, Python overtook JavaScript for the first time to become the most popular programming language on GitHub. This growth is attributed to the rapid development of data science and the excitement around AI and machine learning. These changes reflect a shift in the industry as a whole, where there is an increasing focus on the application of artificial intelligence, including the creation of lighter models that require fewer computing resources.