What is the severity of CVE-2025-27607?

CVE-2025-27607 has been assessed as high severity due to its potential for remote code execution.

How do I fix CVE-2025-27607?

To fix CVE-2025-27607, users should upgrade to Python JSON Logger version 3.3.0 or higher.

What vulnerability does CVE-2025-27607 address?

CVE-2025-27607 addresses a remote code execution vulnerability caused by a missing dependency in Python JSON Logger.

What software is affected by CVE-2025-27607?

CVE-2025-27607 affects the Python JSON Logger versions prior to 3.3.0.

How did CVE-2025-27607 occur?

CVE-2025-27607 occurred because the msgspec-python313-pre dependency was deleted, leaving the name open for exploitation.

Vulnerability/
CVE-2025-27607

high

8.8

CWE

829

EPSS

0.608%

7/3/2025

CVE-2025-27607: Python JSON Logger has a Potential RCE via missing `msgspec-python313-pre` dependency

First published: Fri Mar 07 2025(Updated: )

Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Python JSON Logger	>=null<3.3.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-27607?
CVE-2025-27607 has been assessed as high severity due to its potential for remote code execution.
How do I fix CVE-2025-27607?
To fix CVE-2025-27607, users should upgrade to Python JSON Logger version 3.3.0 or higher.
What vulnerability does CVE-2025-27607 address?
CVE-2025-27607 addresses a remote code execution vulnerability caused by a missing dependency in Python JSON Logger.
What software is affected by CVE-2025-27607?
CVE-2025-27607 affects the Python JSON Logger versions prior to 3.3.0.
How did CVE-2025-27607 occur?
CVE-2025-27607 occurred because the msgspec-python313-pre dependency was deleted, leaving the name open for exploitation.

collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/title
agent/type
agent/first-publish-date
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/author
agent/severity
agent/event
collector/nvd-api
source/NVD
agent/last-modified-date
collector/epss-latest
source/FIRST
agent/source
agent/tags
agent/epss
vendor/python
canonical/python json logger

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.