DEBIAN-CVE-2025-4435
PUBLISHED
CVSS 7.5 HIGH
When TarFile.errorlevel = 0 is set and an archive is extracted with a filter, the documented behavior is that any filtered members are skipped and not extracted. However, the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member is still extracted and not skipped.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | python3.13 | 0, 0 |
| Debian:13 | pypy3 | *, 0, 7.3.19+dfsg |
| Debian:13 | python3.13 | 0, 0 |
| Debian:14 | pypy3 | 7.3.19+dfsg, 0, * |
| Debian:12 | pypy3 | 7.3.11+dfsg, 7.3.11+dfsg, 7.3.11+dfsg |
Timeline
- Jun 3, 2025 CVE Published
- Apr 28, 2026 CVE Updated