CGA-m9jp-q7v9-6c7w
REJECTED
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wolfi | python-3.13-doc | 0, 0, 0 |
| Chainguard | python-3.13-dev | 0, 0, 0 |
| Wolfi | python-3.13-dev | 0, 0, 0 |
| Wolfi | python-3.13-tk | 0, 0, 0 |
| Wolfi | python-3.13-base-dev | 0, 0, 0 |
| Chainguard | python-3.13-privileged-netbindservice | 0, 0, 0 |
| Chainguard | python-3.13-base-dev | 0, 0, 0 |
| Chainguard | python-3.13 | 0, 0, 0 |
| Chainguard | python-3.13-doc | 0, 0, 0 |
| Chainguard | python-3.13-tk | 0, 0, 0 |
| Wolfi | python-3.13-privileged-netbindservice | 0, 0, 0 |
| Wolfi | python-3.13-base | 0, 0, 0 |
| Wolfi | python-3.13 | 0, 0, 0 |
| Chainguard | python-3.13-base | 0, 0, 0 |
Exploit Intelligence
- CVE-2025-4138 / CVE-2025-4517 — Python tarfile PATH_MAX Symlink Filter Bypass (github-poc-repo)
- A Python script to generate a malicious tar archive that exploits CVE-2025-4138 / CVE-2025-4517. (github-poc-repo)
- Tarfile module directory traversal vulnerability ( with overflow crossed Directory ) --> Lead to Privilege escalation (github-poc-repo)
- CVE-2025-4138 - Python Arbitrary file write outside extraction directory (github-poc-repo)
- d3vn0mi/CVE-2025-4138-POC (github-poc-repo)
- d3vn0mi/CVE-2025-4138-POC (github-poc)
- Tarfile module directory traversal vulnerability ( with overflow crossed Directory ) --> Lead to Privilege escalation (github-poc)
- A Python script to generate a malicious tar archive that exploits CVE-2025-4138 / CVE-2025-4517. (github-poc)
- CVE-2025-4138 - Python Arbitrary file write outside extraction directory (github-poc)
- CVE-2025-4138 / CVE-2025-4517 — Python tarfile PATH_MAX Symlink Filter Bypass (github-poc)
…and 1 more exploit
Timeline
- Jan 28, 2026 CVE Rejected