CVE-2025-58438
PUBLISHED
CVSS 9.4 CRITICAL
internetarchive Vulnerable to Directory Traversal in File.download()
EPSS 3.85% · 88.4th percentile
Risk Scores
CVSS 4.0
9.4
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS Score
3.85%
88.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| jjjake | internetarchive | < 5.5.1 |
| PyPI | internetarchive | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-58438 (circl-sighting)
- https://lists.debian.org/debian-lts-announce/2025/09/msg00030.html (circl)
- https://github.com/jjjake/internetarchive/security/advisories/GHSA-wx3r-v6h7-frjp (circl)
- https://github.com/jjjake/internetarchive/commit/cba2d459e10a9489fb35caeba0b03e80f5f5d7c2 (circl)
- https://github.com/jjjake/internetarchive/releases/tag/v5.5.1 (circl)
Timeline
- Sep 5, 2025 CVE Published
- Sep 6, 2025 PoC Published
- Sep 7, 2025 EPSS Score
- Sep 7, 2025 PoC Published
- Sep 14, 2025 EPSS Score
- Sep 22, 2025 EPSS Score
- Sep 30, 2025 EPSS Score
- Oct 7, 2025 EPSS Score
- Oct 14, 2025 EPSS Score
- Oct 18, 2025 EPSS Score
- Oct 21, 2025 EPSS Score
- Oct 24, 2025 EPSS Score
References
- https://github.com/jjjake/internetarchive/security/advisories/GHSA-wx3r-v6h7-frjp url
- https://github.com/jjjake/internetarchive/commit/cba2d459e10a9489fb35caeba0b03e80f5f5d7c2 url
- https://github.com/jjjake/internetarchive/releases/tag/v5.5.1 url
- https://lists.debian.org/debian-lts-announce/2025/09/msg00030.html url
- https://nvd.nist.gov/vuln/detail/CVE-2025-58438 advisory
- https://github.com/jjjake/internetarchive package