CGA-8v3f-qjx6-pjw3
PUBLISHED
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chainguard | python-3.13-privileged-netbindservice | 0, 0, 0 |
| Chainguard | python-3.13-dev | 0, 0, 0 |
| Wolfi | python-3.13-dev | 0, 0, 0 |
| Chainguard | python-3.13-tk | 0, 0, 0 |
| Wolfi | python-3.13-doc | 0, 0, 0 |
| Chainguard | python-3.13-base | 0, 0, 0 |
| Chainguard | python-3.13 | 0, 0, 0 |
| Chainguard | python-3.13-doc | 0, 0, 0 |
| Wolfi | python-3.13-tk | 0, 0, 0 |
| Chainguard | python-3.13-base-dev | 0, 0, 0 |
| Wolfi | python-3.13 | 0, 0, 0 |
| Wolfi | python-3.13-privileged-netbindservice | 0, 0, 0 |
| Wolfi | python-3.13-base | 0, 0, 0 |
| Wolfi | python-3.13-base-dev | 0, 0, 0 |
Exploit Intelligence
- CVE-2025-4517 Proof-of-Concept Script (github-poc-repo)
- CVE-2025-4517 (CVSS 9.4 – Critical) A vulnerability in Python's `tarfile` (github-poc-repo)
- Python tarfile data filter bypass via PATH_MAX overflow in os.path.realpath() - CVE-2025-4517 / CVE-2025-4330 (github-poc-repo)
- CVE-2025-4138 / CVE-2025-4517 — Python tarfile PATH_MAX Symlink Filter Bypass (github-poc-repo)
- A Python script to generate a malicious tar archive that exploits CVE-2025-4138 / CVE-2025-4517. (github-poc-repo)
- PoC and explanation for CVE-2025-4517 used in a CTF I was playing. (github-poc-repo)
- Exploit for CVE-2024-6232 - Python Tarfile Realpath Overflow (github-poc-repo)
- Path traversal vulnerability in Python's tarfile. (github-poc-repo)
- A high-performance Python toolkit to automate the CVE-2025-4517 PATH_MAX bypass exploit. Specifically tuned for the WingData HTB challenge to achieve arbitrary file writes and root persistence (github-poc-repo)
- Privilege Escalation script for CVE-2025-4517 (github-poc-repo)
…and 11 more exploits
Timeline
- Jan 29, 2026 CVE Published
- Feb 4, 2026 CVE Updated