CWE-436

Interpretation Conflict

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

CVE-2025-25291 (GCVE-0-2025-25291)
Vulnerability from cvelistv5
Published
2025-03-12 20:16
Modified
2025-09-12 19:07
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
  • CWE-436 - Interpretation Conflict
Summary
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.
Impacted products
Vendor Product Version
SAML-Toolkits ruby-saml Version: < 1.12.4
Version: >= 1.13.0, < 1.18.0
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-25291",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-03T20:06:31.066662Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T20:06:50.415Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-15T20:47:03.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250314-0010/"
          },
          {
            "url": "https://news.ycombinator.com/item?id=43374519"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ruby-saml",
          "vendor": "SAML-Toolkits",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.12.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.13.0, \u003c 1.18.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-436",
              "description": "CWE-436: Interpretation Conflict",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-12T19:07:07.030Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm"
        },
        {
          "name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv"
        },
        {
          "name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9"
        },
        {
          "name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97"
        },
        {
          "name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"
        },
        {
          "name": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials"
        },
        {
          "name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4"
        },
        {
          "name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0"
        },
        {
          "name": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins"
        },
        {
          "name": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml"
        }
      ],
      "source": {
        "advisory": "GHSA-4vc4-m8qh-g8jm",
        "discovery": "UNKNOWN"
      },
      "title": "ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-25291",
    "datePublished": "2025-03-12T20:16:12.181Z",
    "dateReserved": "2025-02-06T17:13:33.122Z",
    "dateUpdated": "2025-09-12T19:07:07.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-25292 (GCVE-0-2025-25292)
Vulnerability from cvelistv5
Published
2025-03-12 20:53
Modified
2025-09-12 19:06
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
  • CWE-436 - Interpretation Conflict
Summary
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.
Impacted products
Vendor Product Version
SAML-Toolkits ruby-saml Version: < 1.12.4
Version: >= 1.13.0, < 1.18.0
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-15T20:47:21.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250314-0009/"
          },
          {
            "url": "https://news.ycombinator.com/item?id=43374519"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-25292",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-18T14:32:48.636527Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T14:32:54.612Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ruby-saml",
          "vendor": "SAML-Toolkits",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.12.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.13.0, \u003c 1.18.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-436",
              "description": "CWE-436: Interpretation Conflict",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-12T19:06:17.813Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2"
        },
        {
          "name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv"
        },
        {
          "name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9"
        },
        {
          "name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97"
        },
        {
          "name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"
        },
        {
          "name": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials"
        },
        {
          "name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4"
        },
        {
          "name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0"
        },
        {
          "name": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins"
        },
        {
          "name": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml"
        }
      ],
      "source": {
        "advisory": "GHSA-754f-8gm6-c4r2",
        "discovery": "UNKNOWN"
      },
      "title": "Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-25292",
    "datePublished": "2025-03-12T20:53:24.353Z",
    "dateReserved": "2025-02-06T17:13:33.122Z",
    "dateUpdated": "2025-09-12T19:06:17.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48384 (GCVE-0-2025-48384)
Vulnerability from cvelistv5
Published
2025-07-08 18:23
Modified
2025-08-26 03:55
CWE
  • CWE-436 - Interpretation Conflict
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
Impacted products
Vendor Product Version
git git Version: < 2.43.7
Version: >= 2.44.0-rc0, < 2.44.4
Version: >= 2.45.0-rc0, < 2.45.4
Version: >= 2.46.0-rc0, < 2.46.4
Version: >= 2.47.0-rc0, < 2.47.3
Version: >= 2.48.0-rc0, < 2.48.2
Version: >= 2.49.0-rc0, < 2.49.1
Version: >= 2.50.0-rc0, < 2.50.1
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48384",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-22T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-08-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48384"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T03:55:22.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2025-08-25T00:00:00+00:00",
            "value": "CVE-2025-48384 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "git",
          "vendor": "git",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.43.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.44.0-rc0, \u003c 2.44.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.45.0-rc0, \u003c 2.45.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.46.0-rc0, \u003c 2.46.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.47.0-rc0, \u003c 2.47.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.48.0-rc0, \u003c 2.48.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.49.0-rc0, \u003c 2.49.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.50.0-rc0, \u003c 2.50.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-436",
              "description": "CWE-436: Interpretation Conflict",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-08T18:23:48.710Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9"
        }
      ],
      "source": {
        "advisory": "GHSA-vwqx-4fm8-6qc9",
        "discovery": "UNKNOWN"
      },
      "title": "Git allows arbitrary code execution through broken config quoting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-48384",
    "datePublished": "2025-07-08T18:23:48.710Z",
    "dateReserved": "2025-05-19T15:46:00.397Z",
    "dateUpdated": "2025-08-26T03:55:22.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-54368 (GCVE-0-2025-54368)
Vulnerability from cvelistv5
Published
2025-08-08 00:00
Modified
2025-08-08 17:32
CWE
  • CWE-436 - Interpretation Conflict
  • CWE-20 - Improper Input Validation
Summary
uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with legitimate contents on some package installers, and malicious contents on others due to multiple local file entries. An attacker could also contrive a "stacked" ZIP input with multiple internal ZIPs, which would be handled differently by different package installers. The attacker could choose which installer to target in both scenarios. This issue is fixed in version 0.8.6. To work around this issue, users may choose to set UV_INSECURE_NO_ZIP_VALIDATION=1 to revert to the previous behavior.
Impacted products
Vendor Product Version
astral-sh uv Version: < 0.8.6
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54368",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-08T17:32:03.528701Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-08T17:32:18.259Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "uv",
          "vendor": "astral-sh",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.8.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive\u0027s central directory. An attacker could contrive a ZIP archive that would extract with legitimate contents on some package installers, and malicious contents on others due to multiple local file entries. An attacker could  also contrive a \"stacked\" ZIP input with multiple internal ZIPs, which would be handled differently by different package installers. The attacker could choose which installer to target in both scenarios. This issue is fixed in version 0.8.6. To work around this issue, users may choose to set UV_INSECURE_NO_ZIP_VALIDATION=1 to revert to the previous behavior."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-436",
              "description": "CWE-436: Interpretation Conflict",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-08T00:00:39.001Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/astral-sh/uv/security/advisories/GHSA-8qf3-x8v5-2pj8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/astral-sh/uv/security/advisories/GHSA-8qf3-x8v5-2pj8"
        },
        {
          "name": "https://github.com/astral-sh/uv/commit/7f1eaf48c193e045ca2c62c4581048765c55505f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/astral-sh/uv/commit/7f1eaf48c193e045ca2c62c4581048765c55505f"
        },
        {
          "name": "https://astral.sh/blog/uv-security-advisory-cve-2025-54368",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://astral.sh/blog/uv-security-advisory-cve-2025-54368"
        },
        {
          "name": "https://blog.pypi.org/posts/2025-08-07-wheel-archive-confusion-attacks",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.pypi.org/posts/2025-08-07-wheel-archive-confusion-attacks"
        }
      ],
      "source": {
        "advisory": "GHSA-8qf3-x8v5-2pj8",
        "discovery": "UNKNOWN"
      },
      "title": "uv is vulnerable to ZIP payload obfuscation through parsing differentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54368",
    "datePublished": "2025-08-08T00:00:39.001Z",
    "dateReserved": "2025-07-21T16:12:20.732Z",
    "dateUpdated": "2025-08-08T17:32:18.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

CAPEC-105: HTTP Request Splitting

['An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to split a single HTTP request into multiple unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server).', 'See CanPrecede relationships for possible consequences.']

CAPEC-273: HTTP Response Smuggling

['An adversary manipulates and injects malicious content in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., server).', 'See CanPrecede relationships for possible consequences.']

CAPEC-34: HTTP Response Splitting

['An adversary manipulates and injects malicious content, in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., web server) or into an already spoofed HTTP response from an adversary controlled domain/site.', 'See CanPrecede relationships for possible consequences.']

Back to CWE stats page