Performance Degradation Vulnerability in Python Environment Variables
CVE-2025-6075

1.8LOW

Key Information:

Vendor

Python Software Foundation

Status
Cpython
Vendor
CVE Published:
31 October 2025

What is CVE-2025-6075?

This vulnerability pertains to the Python programming language's os.path.expandvars() function, which processes environment variables. If a user is able to control the value passed to this function, it may lead to significant performance degradation during the expansion of these environment variables. This potential issue emphasizes the importance of validating user inputs to ensure efficient operation and maintain system performance.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CPython 0 < 3.13.10

CPython 3.14.0 < 3.14.1

CPython 3.15.0a1 < 3.15.0a2

References

https://github.com/python/cpython/issues/136065
issue-tracking
https://mail.python.org/archives/list/security-announce@p...
vendor-advisory
https://github.com/python/cpython/commit/2e6150adccaaf5bd...
patch

CVSS V4

Score:
1.8
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.