PyInstaller Flaw : Are Your Python Apps Vulnerable to Hijacking?

Ddos, September 12, 2025

The PyInstaller project has released fixes for a local privilege escalation vulnerability that affected applications packaged with versions prior to 6.0.0. Tracked as CVE-2025-59042 with a CVSS score of 7.0, the flaw could allow attackers to execute arbitrary code during the bootstrap process of PyInstaller-frozen applications.

PyInstaller bundles a Python application into a standalone executable by packaging the interpreter, the application's bytecode and its dependencies. The advisory describes the root cause as follows: “Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryption while this entry is still present in sys.path, an application built with PyInstaller < 6.0.0 may be tricked by an unprivileged attacker into executing arbitrary python code.”

The flaw arises because the bootloader handed the location of the embedded PYZ archive to the bootstrap script as a specially formatted entry on sys.path, and the bootstrap script then attempted an optional import (the bytecode-decryption module) while that entry was still present. Python's regular path-based import machinery treats every sys.path entry as a directory or zip archive to search, so if an attacker creates a directory or zip archive next to the executable whose name matches the format the bootloader uses for that entry, and places a module with the expected name inside it, the optional import resolves to the attacker's module and executes it.

If the executable runs with elevated privileges (for example, with the setuid bit enabled), this arbitrary code would also execute with elevated rights, resulting in a full local privilege escalation.

The attack requires several preconditions:

  1. The application was built with PyInstaller < 6.0.0 (both onedir and onefile modes are affected).
  2. The optional bytecode encryption feature is not enabled, so the decryption module is absent and the optional import falls through to the regular sys.path search.
  3. The attacker can create files or directories in the same directory as the executable.
  4. The filesystem allows the ? character in file and directory names (i.e. non-Windows systems).
  5. The attacker can determine the offset of the embedded PYZ archive, which is part of the name the crafted entry must carry.

If all conditions are met, an attacker can trick the bootstrap process into importing their malicious module instead of the expected internal component.
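The following Python script is an added illustration of the mechanism, not code from the advisory or from PyInstaller. It models the vulnerable pattern (location placed on sys.path, then an optional import) beside the hardened one (location handed over out of band, sys.path untouched), plants both a directory and a zip archive with the mimicked name, and shows which variant lets the planted module win. The marker spelling `<executable>?<offset>` and the module name `pyi_optional_decrypt_hook_demo` are assumptions chosen for the demo; the real bootloader's strings may differ. It needs a filesystem that accepts `?` in names, so it will not run on Windows.

```python
"""Model of the sys.path hijack described in the advisory (added example, not PyInstaller code).

Assumptions: the marker is spelled '<executable>?<offset>' and the optional module
is called 'pyi_optional_decrypt_hook_demo'. Neither string is taken from the advisory.
"""
import importlib
import os
import sys
import tempfile
import zipfile

OPTIONAL_MODULE = "pyi_optional_decrypt_hook_demo"  # hypothetical optional-module name


def marker_path(app_dir, exe_name, pyz_offset):
    """The special entry our modelled bootloader puts on sys.path (assumed format)."""
    return os.path.join(app_dir, f"{exe_name}?{pyz_offset}")


def plant_payload(app_dir, exe_name, pyz_offset, as_zip=False):
    """Attacker step: create a directory or a zip archive whose name equals the marker
    and drop a module with the optional module's name inside it."""
    marker = marker_path(app_dir, exe_name, pyz_offset)
    source = "PLANTED = True\n"  # a real payload would run code at import time
    if as_zip:
        with zipfile.ZipFile(marker, "w") as zf:  # no .zip suffix needed for zipimport
            zf.writestr(OPTIONAL_MODULE + ".py", source)
    else:
        os.mkdir(marker)
        with open(os.path.join(marker, OPTIONAL_MODULE + ".py"), "w") as fh:
            fh.write(source)
    importlib.invalidate_caches()  # make sure the path finders see the new entry
    return marker


def _try_optional_import():
    """The bootstrap's optional import. Returns True only if the planted module loaded."""
    try:
        module = importlib.import_module(OPTIONAL_MODULE)
    except ImportError:
        return False  # optional feature absent: the normal, benign outcome
    finally:
        sys.modules.pop(OPTIONAL_MODULE, None)  # do not let one run pollute the next
    return bool(getattr(module, "PLANTED", False))


def vulnerable_bootstrap(app_dir, exe_name, pyz_offset):
    """Pre-6.0.0 pattern: the marker sits on sys.path while the optional import runs,
    so Python's regular path finder also searches the attacker's directory or archive."""
    marker = marker_path(app_dir, exe_name, pyz_offset)
    sys.path.append(marker)
    try:
        return _try_optional_import()
    finally:
        sys.path.remove(marker)


def hardened_bootstrap(app_dir, exe_name, pyz_offset):
    """6.10.0-style pattern: the PYZ location is passed out of band (here as a plain
    value) and sys.path is never touched, so there is no entry to mimic."""
    pyz_location = (os.path.join(app_dir, exe_name), pyz_offset)
    hijacked = _try_optional_import()
    return hijacked, pyz_location


def demo():
    """Plant both payload kinds and run both bootstrap models. Constructed scenario.
    Returns (dir_hijacks_vulnerable, zip_hijacks_vulnerable, hardened_hijacked)."""
    results = []
    for as_zip in (False, True):
        with tempfile.TemporaryDirectory() as app_dir:
            plant_payload(app_dir, "app", 4096, as_zip=as_zip)
            results.append(vulnerable_bootstrap(app_dir, "app", 4096))
    with tempfile.TemporaryDirectory() as app_dir:
        plant_payload(app_dir, "app", 4096)
        results.append(hardened_bootstrap(app_dir, "app", 4096)[0])
    return tuple(results)


if __name__ == "__main__":
    print(demo())
```

Both the directory and the zip variant succeed against the vulnerable model because the path finder and zipimport are consulted for every sys.path entry regardless of how the entry got there; the hardened model never exposes the location to the import system, which is exactly why removing the sys.path transport closes the vector.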

The PyInstaller team addressed the issue in two stages:

  • PyInstaller 6.0.0 – “removed support for bytecode encryption; this effectively removes the described attack vector, due to the bootstrap script not attempting to load the optional module for bytecode-decryption anymore.”
  • PyInstaller 6.10.0 – further hardened the bootstrap process by eliminating the use of sys.path for transmitting the PYZ archive location.

For environments where upgrading is not immediately possible, the advisory recommends:

  • Applying strict directory permissions on locations containing executables with elevated privileges (such as setuid binaries).
  • Ensuring attackers cannot create arbitrary files alongside sensitive executables.

Note that the hijack itself does not depend on the setuid bit: the bit only determines whose privileges the planted code receives. A frozen application without elevated privileges that is run by one user from a directory another user can write to is still a code-execution target, so the same directory-permission discipline is worthwhile there too.
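As an added audit helper (not from the advisory or PyInstaller), the Python below checks a directory of frozen executables for the three things the interim mitigations are about: whether other users can create entries there, which executables carry the setuid or setgid bit, and whether a `<executable>?<digits>` sibling already exists, which would be an indicator of an attempted hijack. The marker spelling is an assumption about the bootloader's format; the sample directory layout in `demo()` is constructed for the example.

```python
"""Audit helper for the advisory's interim mitigations (added example, not PyInstaller code).

The '<executable>?<digits>' sibling pattern is an assumption about the bootloader's
marker format. Requires a POSIX filesystem (the demo creates a name containing '?').
"""
import os
import re
import stat
import tempfile


def directory_writable_by_others(app_dir):
    """True if group or world write permission would let another user create entries
    next to the executables, i.e. what 'strict directory permissions' must prevent."""
    mode = os.stat(app_dir).st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def privileged_executables(app_dir):
    """Regular files carrying setuid or setgid: where a hijack turns into LPE."""
    found = []
    for name in os.listdir(app_dir):
        st = os.lstat(os.path.join(app_dir, name))
        if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
            found.append(name)
    return sorted(found)


def marker_siblings(app_dir):
    """(executable, sibling) pairs where an entry named '<executable>?<digits>' sits
    beside an executable regular file. Directories and files (zip archives) both count."""
    entries = os.listdir(app_dir)
    executables = [
        n for n in entries
        if os.path.isfile(os.path.join(app_dir, n))
        and os.access(os.path.join(app_dir, n), os.X_OK)
    ]
    hits = []
    for exe in executables:
        pattern = re.compile(r"^" + re.escape(exe) + r"\?\d+$")
        hits.extend((exe, n) for n in entries if pattern.match(n))
    return sorted(hits)


def audit(app_dir):
    """Collect all three findings for one directory."""
    return {
        "writable_by_others": directory_writable_by_others(app_dir),
        "privileged_executables": privileged_executables(app_dir),
        "marker_siblings": marker_siblings(app_dir),
    }


def demo():
    """Constructed layout: a setuid 'app' in a world-writable directory with a planted
    'app?4096' beside it, then the same directory after the mitigation is applied.
    Returns (findings_before, findings_after)."""
    with tempfile.TemporaryDirectory() as app_dir:
        exe = os.path.join(app_dir, "app")
        with open(exe, "w") as fh:
            fh.write("#!/bin/sh\n")  # stand-in for a frozen executable
        os.chmod(exe, 0o4755)  # setuid, as in the advisory's escalation scenario
        os.mkdir(os.path.join(app_dir, "app?4096"))  # planted marker directory
        os.chmod(app_dir, 0o777)  # the unsafe state: anyone can add entries
        before = audit(app_dir)
        os.rmdir(os.path.join(app_dir, "app?4096"))
        os.chmod(app_dir, 0o755)  # mitigation: only the owner may create entries
        after = audit(app_dir)
        return before, after


if __name__ == "__main__":
    for label, findings in zip(("before", "after"), demo()):
        print(label, findings)
```

A non-empty `marker_siblings` result on a production host is worth treating as an incident artifact rather than just a misconfiguration: the entry has no legitimate reason to exist, and its name encodes an offset that the attacker had to compute from the specific binary.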