Critical Vulnerabilities in Python Marshmallow Affect Multiple Ubuntu Releases

Severity: High (Score: 70.5)

Sources: Ubuntu, Linuxsecurity

Summary

On April 30, 2026, Ubuntu released a security notice (USN-8225) addressing critical vulnerabilities in the Python marshmallow library. The vulnerabilities include CVE-2018-17175, which allows information leakage on Ubuntu 18.04 LTS, and CVE-2025-68480, which enables denial of service attacks on Ubuntu versions 20.04 LTS, 22.04 LTS, 24.04 LTS, and 26.04 LTS. The first vulnerability was discovered by Jared Deckard and pertains to improper handling of field visibility, while the second involves inefficient object merging. Users of affected Ubuntu versions are advised to update their systems to mitigate these risks. The patches are available through standard system updates. The vulnerabilities pose significant risks, especially for systems still running older LTS versions. Immediate action is recommended to secure affected systems.

Key Points:

  • Two critical vulnerabilities in Python marshmallow affect multiple Ubuntu LTS versions.
  • CVE-2018-17175 allows information leakage on Ubuntu 18.04 LTS.
  • CVE-2025-68480 enables denial of service on Ubuntu 20.04 LTS and newer.

Key Entities

  • Data Breach (attack_type)
  • DDoS (attack_type)
  • CVE-2018-17175 (cve)
  • CVE-2025-68480 (cve)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • Ubuntu (company)