Low severity 3.9 · OSV Advisory · Published Jun 13, 2025 · Updated Apr 15, 2026
CVE-2025-49597
Description
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. The problem is patched with Version 1.4.3.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| handcraftedinthealps/goodby-csv (Packagist) | < 1.4.3 | 1.4.3 |
Affected products (2)
- Range: 1.4.0, 1.4.1, 1.4.2