A recent security disclosure has revealed a remote code execution (RCE) vulnerability, CVE-2025-27607, in the Python JSON Logger package, affecting versions between 3.2.0 and 3.2.1.
This vulnerability arises from a missing dependency, “msgspec-python313-pre,” which could be exploited by malicious actors if they published a package under the same name.
https://gbhackers.com/python-json-logger-vulnerability/