NULL Pointer Dereference in python-apt Affects APT-Based Linux Systems
CVE-2025-6966
6.9 MEDIUM
What is CVE-2025-6966?
A vulnerability in the python-apt package for APT-based Linux systems allows a local attacker to exploit a NULL pointer dereference in the TagSection.keys() method. This can lead to a denial of service by causing a process crash via a specially crafted deb822 file containing a malformed, non-UTF-8 key. System administrators are advised to update to the latest version of python-apt to mitigate the risk of exploitation.
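A pre-flight check that rejects deb822 input with non-UTF-8 field names before it is handed to python-apt, as an added example that is not code from python-apt or from this advisory. The function names and sample bytes are constructed for illustration, and the parsing is a simplified reading of the deb822 layout (blank-line stanza separators, leading-whitespace continuation lines, `#` comments).

```python
# Added example: screens deb822 bytes for field names that are not valid UTF-8.
# It does not import or call python-apt; it is meant to run before the parser does.
from typing import List, Tuple


def find_non_utf8_keys(data: bytes) -> List[Tuple[int, int, bytes]]:
    """Return (stanza_index, line_number, raw_key) for each field name
    that cannot be decoded as UTF-8."""
    findings = []
    stanza = 0
    in_stanza = False
    for lineno, line in enumerate(data.split(b"\n"), start=1):
        line = line.rstrip(b"\r")
        if not line.strip():
            # Blank line closes the current stanza (simplified rule).
            if in_stanza:
                stanza += 1
                in_stanza = False
            continue
        in_stanza = True
        # Continuation lines and comments carry no field name.
        if line[:1] in (b" ", b"\t", b"#"):
            continue
        key, sep, _value = line.partition(b":")
        if not sep:
            continue  # not a "Key: value" line; left to the real parser
        try:
            key.decode("utf-8")
        except UnicodeDecodeError:
            findings.append((stanza, lineno, key))
    return findings


def is_safe_to_parse(data: bytes) -> bool:
    """True when no field name in the input is malformed UTF-8."""
    return not find_non_utf8_keys(data)


# Constructed sample input (not taken from any real package index).
GOOD = b"Package: demo\nVersion: 1.0\nDescription: sample\n extended line\n"
BAD = GOOD + b"\nPackage: other\nX-\xff\xfeField: value\n"

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, is_safe_to_parse(blob), find_non_utf8_keys(blob))
```

Services that accept deb822 files from untrusted local users can refuse or quarantine any input for which `is_safe_to_parse` returns `False` until the patched python-apt is installed.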
Affected Version(s)
python-apt Linux 3.0 < 3.0.0ubuntu1.1
python-apt Linux 3.0 < 3.0.0ubuntu0.25.04.1
python-apt Linux 2.7 < 2.7.7ubuntu5.1
CVSS V4
Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Julian Andres Klode
