Directory Traversal Vulnerability in Internet Archive Python Library
CVE-2025-58438
What is CVE-2025-58438?
The Internet Archive Python library (internetarchive) has a directory traversal vulnerability in the File.download() method that affects versions 5.5.0 and earlier. The method does not adequately sanitize user-supplied filenames and does not properly validate the download path, so a filename containing traversal sequences can cause a file to be written outside the intended directory. That allows important system files or application configuration to be overwritten, which could in turn lead to denial of service, privilege escalation, or even remote code execution. All platforms are affected, with heightened risk for users on Windows systems. The vulnerability is addressed in version 5.5.1.
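The following is an added example, not the library's code and not the change shipped in 5.5.1: it contrasts an unchecked path join with a containment check for remote filenames. The names naive_destination, safe_destination and UnsafeFilename are hypothetical, and the sample filenames are constructed.

```python
import os
from pathlib import Path, PureWindowsPath


class UnsafeFilename(ValueError):
    """A remote filename that would resolve outside the download directory."""


def naive_destination(base_dir, remote_name):
    # Flawed pattern: the remote name is joined to the target directory unchecked.
    return os.path.normpath(os.path.join(base_dir, remote_name))


def safe_destination(base_dir, remote_name):
    """Return the resolved path for remote_name under base_dir, or raise UnsafeFilename."""
    base = Path(base_dir).resolve()
    if "\x00" in remote_name:
        raise UnsafeFilename(remote_name)
    # Apply Windows rules on every platform: drive letters, UNC prefixes and
    # rooted names are never valid relative download names.
    win = PureWindowsPath(remote_name)
    if win.drive or win.root:
        raise UnsafeFilename(remote_name)
    # Treat "\" and "/" alike so "..\..\x" is recognised on POSIX hosts too.
    parts = [p for p in remote_name.replace("\\", "/").split("/") if p not in ("", ".")]
    if ".." in parts:
        raise UnsafeFilename(remote_name)
    # Resolve symlinks, then require the result to sit strictly inside base.
    candidate = base.joinpath(*parts).resolve()
    if base not in candidate.parents:
        raise UnsafeFilename(remote_name)
    return candidate


if __name__ == "__main__":
    # Constructed sample names, not taken from the advisory.
    for name in ["docs/readme.txt", "../outside.txt", "..\\..\\outside.txt",
                 "/tmp/outside.txt", "C:\\outside.txt"]:
        try:
            print(f"{name!r:24} -> {safe_destination('downloads', name)}")
        except UnsafeFilename:
            print(f"{name!r:24} -> rejected (naive: {naive_destination('downloads', name)})")
```

Rejecting backslash and drive-letter forms regardless of the host OS keeps a name that is harmless on Linux from becoming a traversal when the same code runs on Windows.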

Affected Version(s)
internetarchive < 5.5.1
