Vulnerability Description
handcraftedinthealps goodby-csv is a highly memory-efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat on its own, but it is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. The problem is patched in version 1.4.3.
CVSS Score
LOW
Related Weaknesses (CWE)
References
- https://github.com/handcraftedinthealps/goodby-csv/commit/acd14c6ed85116bb2cb4da
- https://github.com/handcraftedinthealps/goodby-csv/security/advisories/GHSA-x3c7
FAQ
What is CVE-2025-49597?
CVE-2025-49597 is a vulnerability with a CVSS score of 3.9 (LOW). handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that...
How severe is CVE-2025-49597?
CVE-2025-49597 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-49597?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.