GHSA-CQ46-M9X9-J8W2
Vulnerability from github – Published: 2025-10-22 16:45 – Updated: 2025-10-23 20:10Summary
An unsafe deserialization vulnerability in Scapy <v2.7.0 allows attackers to execute arbitrary code when a malicious session file is locally loaded via the -s option. This requires convincing a user to manually load a malicious session file.
Details
Scapy’s interactive shell supports session loading using gzip-compressed pickle files:
./run_scapy -s <session_file.pkl.gz>
Internally, this triggers:
# main.py
SESSION = pickle.load(gzip.open(session_name, "rb"))
Since no validation or restriction is performed on the deserialized object, any code embedded via __reduce__() will be executed immediately. This makes it trivial for an attacker to drop a malicious .pkl.gz in a shared folder and have it executed by unsuspecting users.
The vulnerability exists in the load_session function, which deserializes data using pickle.load() on .pkl.gz files provided via the -s CLI flag or programmatically through conf.session.
Affected lines in source code: https://github.com/secdev/scapy/blob/master/scapy/main.py#L569-L572
try:
s = pickle.load(gzip.open(fname, "rb"))
except IOError:
try:
s = pickle.load(open(fname, "rb"))
Impact
This is a classic deserialization vulnerability which leads to Code Execution (CE) when untrusted data is deserialized.
Any user who can trick another user into loading a crafted .pkl.gz session file (e.g. via -s option) can execute arbitrary Python code.
- Vulnerability type: Insecure deserialization (Python
pickle) - CWE: CWE-502: Deserialization of Untrusted Data
- CVSS v4.0 Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N - CVSS Score: 5.4 (Medium)
- Impact: Arbitrary Code Execution
- Attack vector: Local or supply chain (malicious
.pkl.gz) - Affected users: Any user who loads session files (even interactively)
- Affected version: Scapy v2.6.1
Mitigations
- Do not use 'sessions' (the -s option when launching Scapy).
- Use the Scapy 2.7.0+ where the session mechanism has been removed.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "scapy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-22T16:45:49Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nAn unsafe deserialization vulnerability in Scapy \u003cv2.7.0 allows attackers to execute arbitrary code **when a malicious session file is locally loaded via the `-s` option**. This requires convincing a user to manually load a malicious session file.\n\n---\n\n### Details\n\nScapy\u2019s interactive shell supports session loading using gzip-compressed pickle files:\n\n```bash\n./run_scapy -s \u003csession_file.pkl.gz\u003e\n```\n\nInternally, this triggers:\n\n```python\n# main.py\nSESSION = pickle.load(gzip.open(session_name, \"rb\"))\n```\n\nSince no validation or restriction is performed on the deserialized object, **any code embedded via `__reduce__()` will be executed immediately**. This makes it trivial for an attacker to drop a malicious `.pkl.gz` in a shared folder and have it executed by unsuspecting users.\n\nThe vulnerability exists in the `load_session` function, which deserializes data using `pickle.load()` on `.pkl.gz` files provided via the `-s` CLI flag or programmatically through `conf.session`.\n\n**Affected lines in source code**:\nhttps://github.com/secdev/scapy/blob/master/scapy/main.py#L569-L572\n\n```python\ntry:\n s = pickle.load(gzip.open(fname, \"rb\"))\nexcept IOError:\n try:\n s = pickle.load(open(fname, \"rb\"))\n```\n\n### Impact\n\nThis is a classic deserialization vulnerability which leads to Code Execution (CE) when untrusted data is deserialized.\n\nAny user who can trick another user into loading a crafted `.pkl.gz` session file (e.g. via `-s` option) can execute arbitrary Python code.\n\n- **Vulnerability type:** Insecure deserialization (Python `pickle`)\n- **CWE**: [CWE-502: Deserialization of Untrusted Data](https://cwe.mitre.org/data/definitions/502.html)\n- **CVSS v4.0 Vector**: `CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N`\n- **CVSS Score**: 5.4 (Medium)\n- **Impact:** Arbitrary Code Execution\n- **Attack vector:** Local or supply chain (malicious `.pkl.gz`)\n- **Affected users:** Any user who loads session files (even interactively)\n- **Affected version:** **Scapy v2.6.1**\n\n---\n\n### Mitigations\n\n- Do not use \u0027sessions\u0027 (the -s option when launching Scapy).\n- Use the Scapy 2.7.0+ where the session mechanism has been removed.",
"id": "GHSA-cq46-m9x9-j8w2",
"modified": "2025-10-23T20:10:45Z",
"published": "2025-10-22T16:45:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/secdev/scapy/security/advisories/GHSA-cq46-m9x9-j8w2"
},
{
"type": "WEB",
"url": "https://github.com/secdev/scapy/commit/13621d1145b3435e9d03caf20997107a84435c0b"
},
{
"type": "PACKAGE",
"url": "https://github.com/secdev/scapy"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.