Key Findings A critical vulnerability (CVE-2025-56005) with a CVSS score of 9.8 has been discovered in the PLY (Python Lex-Yacc) library, a popular parsing library used in the Python community. The vulnerability allows Remote Code Execution (RCE) and stems from an undocumented "picklefile" parameter in the `yacc()` function. The issue is caused by the unsafe deserialization of untrusted data using Python's `pickle.load()` method. The project's maintainer, David Beazley, has a
