Fix SciPy — CVE-2023-25399 MEDIUM

Fix CVE-2023-25399 (MEDIUM) in SciPy for PyPI. Paste your requirements.txt into PackageFix and get a patched version — no CLI, no signup. Use-after-free in Fortran-generated code.

⚠ Vulnerability

CVE-2023-25399 (MEDIUM) — use-after-free in Fortran-generated code in SciPy versions below 1.13.0.

Vulnerable Version — requirements.txt

scipy==1.11.0

Fixed Version — requirements.txt

scipy==1.13.0

✓ Fix

Update SciPy to 1.13.0 or later. Run pip install -r requirements.txt to apply. Verify with your ecosystem's audit tool after updating.

Paste your manifest — get back a fixed version with all CVEs patched in seconds.


No signup · No CLI · No GitHub connection · Runs 100% in your browser

CVE Details

Field                Value
CVE ID               CVE-2023-25399
Severity             MEDIUM
Package              SciPy (PyPI)
Vulnerable versions  Below 1.13.0
Safe version         1.13.0
CISA KEV
Description          Use-after-free in Fortran-generated code

Frequently Asked Questions

What is CVE-2023-25399?
CVE-2023-25399 is a MEDIUM severity vulnerability in SciPy (PyPI): a use-after-free in Fortran-generated code. Update to version 1.13.0 or later to fix it.
How do I fix CVE-2023-25399 in SciPy?
Update SciPy to version 1.13.0 in your requirements.txt. Run pip install -r requirements.txt after updating to apply the fix.
Is CVE-2023-25399 being actively exploited?
Check the live CISA KEV catalog at packagefix.dev — PackageFix always reflects the current KEV status.
How do I check if I am affected by CVE-2023-25399?
Paste your requirements.txt into PackageFix. If your installed version of SciPy is below 1.13.0, you are affected. PackageFix shows the exact CVE ID and fix version.
What search queries does this page target?
This page covers: SciPy CVE, scipy vulnerability, scipy security fix.
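The fix step and the "am I affected" check above both come down to one question: is the scipy pin in the manifest below 1.13.0? The following is an added example (not PackageFix's own code) that answers it offline for a requirements.txt or `pip freeze` output; the sample manifest is constructed, and versions are compared as numeric tuples because a plain string comparison would wrongly rank "1.9.3" above "1.13.0".

```python
"""Flag requirements.txt pins of scipy that fall in the CVE-2023-25399 range (< 1.13.0)."""
import re

PACKAGE = "scipy"
FIXED_VERSION = "1.13.0"  # first safe version stated on this page

# Constructed sample manifest for the demo (not from any real project).
SAMPLE_REQUIREMENTS = """\
numpy==1.26.4
scipy==1.11.0        # vulnerable: below 1.13.0
# scipy==1.13.0      (commented out, must be ignored)
requests>=2.31.0
"""

# name, optional PEP 440 operator, optional version (line has comments stripped already)
_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(===|==|~=|!=|<=|>=|<|>)?\s*([0-9][^\s;]*)?")

def release_tuple(version):
    """Numeric release segment of a version: '1.13.0rc1' -> (1, 13, 0).
    Pre/post/dev suffixes are dropped; good enough for a lower-bound check."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def is_vulnerable_pin(version, fixed=FIXED_VERSION):
    """True when an exact pin is strictly below `fixed`; pads so '1.13' == '1.13.0'."""
    a, b = release_tuple(version), release_tuple(fixed)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

def scan_requirements(text, package=PACKAGE):
    """Return (line_no, status, version) for each line naming `package`.
    status: 'vulnerable', 'fixed', or 'unpinned' (no exact pin, so the
    installed version must be checked, e.g. from `pip freeze` output)."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        m = _REQ_RE.match(line) if line else None
        if not m or m.group(1).lower().replace("_", "-") != package:
            continue
        _name, op, ver = m.groups()
        if op in ("==", "===") and ver:
            status = "vulnerable" if is_vulnerable_pin(ver) else "fixed"
        else:
            status = "unpinned"
        findings.append((no, status, ver))
    return findings

if __name__ == "__main__":
    for no, status, ver in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {no}: scipy {ver or '(any)'} -> {status}")
```

Running it on `pip freeze` output gives the installed version as an exact pin, which is the check the "How do I check if I am affected" answer describes.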
