VDB
AZL-62322
PUBLISHED
CVSS 9.3 CRITICAL
CVE-2025-4138 affecting package python3 for versions less than 3.9.19-14
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Azure Linux:2 | python3 | 0, 0 |
Exploit Intelligence
- CVE-2025-4138 / CVE-2025-4517 — Python tarfile PATH_MAX Symlink Filter Bypass (github-poc-repo)
- A Python script to generate a malicious tar archive that exploits CVE-2025-4138 / CVE-2025-4517. (github-poc-repo)
- Tarfile module directory traversal vulnerability ( with overflow crossed Directory ) --> Lead to Privilege escalation (github-poc-repo)
- CVE-2025-4138 - Python Arbitrary file write outside extraction directory (github-poc-repo)
- d3vn0mi/CVE-2025-4138-POC (github-poc-repo)
- d3vn0mi/CVE-2025-4138-POC (github-poc)
- Tarfile module directory traversal vulnerability ( with overflow crossed Directory ) --> Lead to Privilege escalation (github-poc)
- A Python script to generate a malicious tar archive that exploits CVE-2025-4138 / CVE-2025-4517. (github-poc)
- CVE-2025-4138 - Python Arbitrary file write outside extraction directory (github-poc)
- CVE-2025-4138 / CVE-2025-4517 — Python tarfile PATH_MAX Symlink Filter Bypass (github-poc)
…and 1 more exploits
Timeline
- Jun 3, 2025 CVE Published
- Apr 21, 2026 CVE Updated