CVE-2025-4516

UNKNOWN 0.0

Use-after-free in "unicode_escape" decoder with error handler

CVSS Score

0.0

EPSS Score

0.2%

EPSS Percentile

43th

There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.

CWE	CWE-416
Vendor	python software foundation
Product	cpython
Published	May 15, 2025
Last Updated	Apr 21, 2026

Stay Ahead of the Next One

Get instant alerts for python software foundation cpython

Be the first to know when new unknown vulnerabilities affecting python software foundation cpython are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Python Software Foundation / CPython

0 < 3.10.18 3.11.0 < 3.11.13 3.12.0 < 3.12.11 3.13.0 < 3.13.4 3.14.0a1 < 3.14.0b2

References

NVD ↗ CVE.org ↗ EPSS Data ↗