{"id":"PYSEC-2025-177","details":"Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval(\"__import__('os').system( substring.","aliases":["CVE-2024-53924","GHSA-pw67-xjhq-389w"],"modified":"2026-05-21T15:00:24.228162177Z","published":"2025-04-17T18:15:47.603Z","references":[{"type":"PACKAGE","url":"https://github.com/dgorissen/pycel"},{"type":"PACKAGE","url":"https://github.com/stephenrauch/pycel"},{"type":"PACKAGE","url":"https://pypi.org/project/pycel/"},{"type":"EVIDENCE","url":"https://gist.github.com/aelmosalamy/cb098e61939718d2bb248fd1cc94f287"}],"affected":[{"package":{"name":"pycel","ecosystem":"PyPI","purl":"pkg:pypi/pycel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"1.0-beta0"},{"last_affected":"1.0-beta11"},{"last_affected":"1.0-beta12"},{"last_affected":"1.0-beta13"},{"last_affected":"1.0-beta14"},{"last_affected":"1.0-beta15"},{"last_affected":"1.0-beta16"},{"last_affected":"1.0-beta17"},{"last_affected":"1.0-beta18"},{"last_affected":"1.0-beta19"},{"last_affected":"1.0-beta2"},{"last_affected":"1.0-beta20"},{"last_affected":"1.0-beta21"},{"last_affected":"1.0-beta22"},{"last_affected":"1.0-beta26"},{"last_affected":"1.0-beta27"},{"last_affected":"1.0-beta28"},{"last_affected":"1.0-beta29"},{"last_affected":"1.0-beta3"},{"last_affected":"1.0-beta30"},{"last_affected":"1.0-beta4"},{"last_affected":"1.0-beta5"},{"last_affected":"1.0-beta6"},{"last_affected":"1.0-beta7"},{"last_affected":"1.0-beta8"}]}],"versions":["1.0b0","1.0b11","1.0b12","1.0b13","1.0b14","1.0b15","1.0b16","1.0b17","1.0b18","1.0b19","1.0b2","1.0b20","1.0b21","1.0b22","1.0b26","1.0b27","1.0b28","1.0b29","1.0b3","1.0b30","1.0b4","1.0b5","1.0b6","1.0b7","1.0b8"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pycel/PYSEC-2025-177.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}