A vulnerability marked as critical has been reported in PLY 3.11. Impacted is the function yacc. The manipulation of the argument picklefile leads to deserialization.

This vulnerability is uniquely identified as CVE-2025-56005. The attack is possible to be carried out remotely. No exploit exists.