PyInstaller has local privilege escalation vulnerability

Description

Impact

Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryption while this entry is still present in sys.path, an application built with PyInstaller < 6.0.0 may be tricked by an unprivileged attacker into executing arbitrary python code when all of the following conditions are met:

  1. Application is built with PyInstaller < 6.0.0; both onedir and onefile mode are affected.
  2. Optional bytecode encryption code feature was not enabled during the application build.
  3. The attacker can create files/directories in the same directory where the executable is located.
  4. The filesystem supports creation of files/directories that contain ? in their name (i.e., non-Windows systems).
  5. The attacker is able to determine the offset at which the PYZ archive is embedded in the executable.

The attacker can create a directory (or a zip archive) next to the executable, with the name that matches the format used by PyInstaller's bootloader to transmit information about the location of PYZ archive to the bootstrap script. If this directory (or zip archive) contains a python module whose name matches the name used by the optional bytecode encryption feature, this module will be loaded and executed by the bootstrap script (in the absence of the real, built-in module that is available when the bytecode-encryption feature is enabled). This results in arbitrary code execution that requires no modification of the executable itself.

If the executable is running with elevated privileges (for example, due to having the setuid bit set), the code in the injected module is also executed with the said elevated privileges, resulting in a local privilege escalation.

Patches

PyInstaller 6.0.0 (f5adf291c8b832d5aff7632844f7e3ddf7ad4923) removed support for bytecode encryption; this effectively removes the described attack vector, due to the bootstrap script not attempting to load the optional module for bytecode-decryption anymore.

PyInstaller 6.10.0 (cfd60b510f95f92cb81fc42735c399bb781a4739) reworked the bootstrap process to avoid (ab)using sys.path for transmitting location of the PYZ archive, which further eliminates the possibility of described injection procedure.

Workarounds

If upgrading PyInstaller is no feasible, this issue can be worked around by ensuring proper permissions on directories containing security-sensitive executables (i.e., executables with setuid bit set) should mitigate the issue.

Basic information

Type
reviewed
Severity
high
Advisory on GitHub
Open advisory ↗
Repository advisory
Open repository advisory ↗
Source code
Browse source ↗
Published (advisory)
2025-09-10 20:30:18 UTC
Updated
2025-09-10 20:30:18 UTC
GitHub reviewed
2025-09-10 20:30:18 UTC
NVD published
2025-09-09

EPSS Score

Score Percentile
0.02% 4.02%

CVSS Scores

Base score Version Severity Vector
7.0 4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Click to expand
Attack vector (AV:L)
Attacker needs local access on the target system.
Attack complexity (AC:L)
Exploitation conditions are straightforward and stable.
Attack requirements (AT:N)
No additional preconditions are required beyond normal reachability.
Privileges required (PR:L)
Low privileges are required.
User interaction (UI:P)
A user has to participate (for example click/open/approve).
Vulnerable system confidentiality impact (VC:H)
High confidentiality impact on the vulnerable system.
Vulnerable system integrity impact (VI:H)
High integrity impact on the vulnerable system.
Vulnerable system availability impact (VA:H)
High availability impact on the vulnerable system.
Subsequent system confidentiality impact (SC:N)
No confidentiality impact on subsequent systems.
Subsequent system integrity impact (SI:N)
No integrity impact on subsequent systems.
Subsequent system availability impact (SA:N)
No availability impact on subsequent systems.

Identifiers

CWEs

CWE id Name
CWE-94 Improper Control of Generation of Code ('Code Injection')

Credits

  • zhangyoufu (reporter)

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
pip pyinstaller < 6.0.0 6.0.0

References

cvelogic Threat Intelligence