What is CVE-2025-58367?

CVE-2025-58367 is a vulnerability in Seperman Deepdiff, classified under Improperly Controlled Modification of Dynamically-Determined Object Attributes. Published 2025-09-05.

Is CVE-2025-58367 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Seperman Deepdiff

CVE-2025-58367

DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can…

Vulnerability class: Mass Assignment

EPSS: 0.003 (50.4th percentile) — read the EPSS interpretation.

Affected products

Seperman Deepdiff — versions >= 5.0.0, < 8.6.1

Weakness classification (CWE)

CWE-915 — Improperly Controlled Modification of Dynamically-Determined Object Attributes

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

https://github.com/seperman/deepdiff/security/advisories/GHSA-mw26-5g2v-hqw3 (x_refsource_CONFIRM)
https://github.com/seperman/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183 (x_refsource_MISC)
https://github.com/seperman/deepdiff/releases/tag/8.6.1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-58367?: CVE-2025-58367 is a vulnerability in Seperman Deepdiff, classified under Improperly Controlled Modification of Dynamically-Determined Object Attributes. Published 2025-09-05.
Is CVE-2025-58367 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.