7.9

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-22153

GHSA ID

GHSA-gmj9-h825-chq2

EPSS Score

0.22773%

CWE

CWE-843

Published

1/23/2025

Updated

1/23/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-22153

CVE-2025-22153: try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter

Impact

Via a type confusion bug in the CPython interpreter when using try/except* RestrictedPython could be bypassed.

We believe this should be fixed upstream in Python itself until that we remove support for try/except* from RestrictedPython. (It has been fixed for some Python versions.)

Patches

Patched in version 8.0 by removing support for try/except* clauses

Workarounds

There is no workaround.

References

none

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-22153

CVE-2025-22153:

7.9

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-22153

GHSA ID

GHSA-gmj9-h825-chq2

EPSS Score

0.22773%

CWE

CWE-843

Published

1/23/2025

Updated

1/23/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
RestrictedPython	pip	>= 6.0, < 8.0	8.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two key points: 1) The transformer allowed try/except* syntax (via visit_TryStar), and 2) ExceptionGroup was whitelisted in safe_builtins. The commit patching the vulnerability specifically modifies both - replacing visit_TryStar's permissive behavior with a denial, and removing ExceptionGroup from safe_builtins. These changes directly correlate with the described type confusion attack vector through try/except* handling in vulnerable Python versions (3.11+). The CWE-843 classification and commit message about 'sandbox escape' confirm these components were the entry points for exploitation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.9

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-22153: try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter

Impact

Patches

Workarounds

References

CVE-2025-22153:

7.9

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2025-22153: try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter

Impact

Patches

Workarounds

References

7.9

7.9

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI