How severe is CVE-2025-27607?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2025-27607?

This is classified as CWE-829, which is a common weakness in software security.

CVE-2025-27607 - HIGH Severity | CVSS 8.8

Vulnerability Description

Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0.

Related Vulnerabilities

CVE-2018-18387

HIGH

CVSS:8.8(High)

playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.

CWE-8292018

CVE-2019-8154

HIGH

CVSS:8.8(High)

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP fi...

CWE-8292019

CVE-2019-9829

HIGH

CVSS:8.8(High)

Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on...

CWE-8292019

CVE-2021-30507

HIGH

CVSS:8.8(High)

Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTM...

CWE-8292021

CVE-2022-22246

HIGH

CVSS:8.8(High)

A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. By chaining this ...

CWE-8292022

CVE-2022-30243

HIGH

CVSS:8.8(High)

Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A use...

CWE-8292022