Performance Degradation Vulnerability in Python Environment Variables
CVE-2025-6075

1.8LOW

Key Information:

Vendor

Python Software Foundation

Status
Cpython
Vendor
CVE Published:
31 October 2025

What is CVE-2025-6075?

This vulnerability pertains to the Python programming language's os.path.expandvars() function, which processes environment variables. If a user is able to control the value passed to this function, it may lead to significant performance degradation during the expansion of these environment variables. This potential issue emphasizes the importance of validating user inputs to ensure efficient operation and maintain system performance.

Affected Version(s)

CPython 0 < 3.15.0

References

https://github.com/python/cpython/issues/136065
issue-tracking
https://mail.python.org/archives/list/security-announce@p...
vendor-advisory
https://github.com/python/cpython/commit/2e6150adccaaf5bd...
patch

CVSS V4

Score:
1.8
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-6075 : Performance Degradation Vulnerability in Python Environment Variables