VDB
BIT-python-min-2025-4517
BIT-python-min-2025-4517
PUBLISHED
CVSS 9.399999618530273 CRITICAL
Arbitrary writes via tarfile realpath overflow
Risk Scores
CVSS 3.1
9.399999618530273
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | python-min | 0, 3.10.0, 3.11.0 |
Exploit Intelligence
- CVE‑2025‑4517 Proof‑of‑Concept Script (github-poc-repo)
- CVE-2025-4517 (CVSS 9.4 – Critical) A vulnerability in Python's `tarfile` (github-poc-repo)
- Python tarfile data filter bypass via PATH_MAX overflow in os.path.realpath() - CVE-2025-4517 / CVE-2025-4330 (github-poc-repo)
- CVE-2025-4138 / CVE-2025-4517 — Python tarfile PATH_MAX Symlink Filter Bypass (github-poc-repo)
- A Python script to generate a malicious tar archive that exploits CVE-2025-4138 / CVE-2025-4517. (github-poc-repo)
- PoC and explanation for CVE-2025-4517 used in a CTF I was playing. (github-poc-repo)
- Exploit for CVE-2024-6232 - Python Tarfile Realpath Overflow (github-poc-repo)
- Path traversal vulnerability in Python's tarfile. (github-poc-repo)
- A high-performance Python toolkit to automate the CVE-2025-4517 PATH_MAX bypass exploit. Specifically tuned for the WingData HTB challenge to achieve arbitrary file writes and root persistence (github-poc-repo)
- Privilege Escalation script for CVE-2025-4517 (github-poc-repo)
…and 11 more exploits
Timeline
- Jul 10, 2025 CVE Published
- Aug 11, 2025 CVE Updated
References
- https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f url
- https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da url
- https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9 url
- https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a url
- https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e url
- https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a url
- https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a url
- https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01 url
- https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1 url
- https://github.com/python/cpython/issues/135034 url
- https://github.com/python/cpython/pull/135037 url
- https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ url
- https://nvd.nist.gov/vuln/detail/CVE-2025-4517 url