https://cve.circl.lu/comments/feed
Most recent comment.
2025-09-12T10:45:44.035617+00:00
Vulnerability-Lookup info@circl.lu
python-feedgen
Contains only the 10 most recent comments.

https://cve.circl.lu/comment/85c55b2b-8a7a-4d34-89ec-52e38ed8903c
Additional information
2025-09-12T10:45:44.041713+00:00
Patrick Boulvin http://cve.circl.lu/user/Belspo

RISK: Multiple vulnerabilities affect the standard TarFile library for CPython. Currently, there is no indication that the vulnerability is actively exploited, but because it is a zero-day with a substantial install base, attackers can exploit it at any moment. An attacker could exploit flaws to bypass safety checks when extracting compressed files, allowing them to write files outside intended directories, create malicious links, or tamper with system files even when protections are supposedly enabled. Successful exploitation could lead to unauthorised access, data corruption, or malware installation, especially if your systems or third-party tools handle untrusted file uploads or archives.

RECOMMENDED ACTION: Patch

Source: ccb.be
2025-06-25T13:07:32.040392+00:00