Remote Code Execution Vulnerability in Python JSON Logger from NHairs

Post by Shane1145 »

CVE-2025-27607 is a critical remote code execution (RCE) vulnerability affecting the Python JSON Logger, a JSON formatting tool used to enhance logging capabilities in Python applications. The vulnerability arose due to a missing dependency caused by the deletion of the msgspec-python313-pre package, which inadvertently opened the door for third parties to claim the package name. If exploited, this flaw could lead to unauthorized RCE on any user who installed the development dependencies of Python JSON Logger on Python version 3.13. This severe risk poses significant threats to organizations relying on this logging framework, as it could allow attackers to execute arbitrary code within their environments.

https://securityvulnerability.io/vulner ... 2025-27607