Improper Extraction Behavior in Python TarFile Module
CVE-2025-4435

7.5HIGH

Key Information:

Vendor: Python Software Foundation
Status: Cpython
Vendor: CVE Published:; 3 June 2025

🔔 Create Python Software Foundation Vulnerability Alert

What is CVE-2025-4435?

In the TarFile module of Python, a flaw exists when TarFile.errorlevel is set to 0 while extracting files with a filter. Expected behavior dictates that filtered members should be omitted from extraction. However, a flaw in the processing logic leads to these members being extracted nonetheless, causing unintended data exposure. This can potentially lead to security concerns if sensitive information is inadvertently extracted.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CPython 0 < 3.9.23

CPython 3.10.0 < 3.10.18

CPython 3.11.0 < 3.11.13

References

https://github.com/python/cpython/issues/135034

issue-tracking

https://github.com/python/cpython/pull/135037

patch

https://mail.python.org/archives/list/security-announce@p...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 3, 2025
Vulnerability Reserved
May 8, 2025

Credit

Chuck Woodraska

Petr Viktorin

Serhiy Storchaka

Hugo van Kemenade

Łukasz Langa

Thomas Wouters

Seth Larson

JSON

Python Software Foundation

What is CVE-2025-4435?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.