CVE-2022-48565

CRITICAL

Python < 3.6.13 - XML External Entity Injection in plistlib Module

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-48565. PoCs published by Einstein2150.

AI-analyzed exploit summary: This repository contains four Python-based PoC scripts demonstrating CVE-2022-48565, an unsafe deserialization vulnerability in Python's plistlib that allows arbitrary code execution via crafted Plist files. The exploits use eval() on deserialized Plist data to achieve RCE.

Description

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. In fixed versions, the plistlib module no longer accepts entity declarations in XML plist files, to avoid XML vulnerabilities.

Exploits (1)

nomisec WORKING POC 3 stars
by Einstein2150 · poc
https://github.com/Einstein2150/CVE-2022-48565-POC


Classification
Working PoC: 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Python <=3.9.1 and Python 2.x (plistlib)
No auth needed
Prerequisites: Python <=3.9.1 or Python 2.x installed · Ability to deliver malicious Plist file to target
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0430
EPSS Percentile 89.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-611
Status published
Products (2)
debian/debian_linux 10.0
python/python < 3.6.13
Published Aug 22, 2023
Tracked Since Feb 18, 2026