
CVE-2025-4330: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Python Software Foundation CPython

High
Tags: Vulnerability, CVE-2025-4330, CWE-22
Published: Tue Jun 03 2025 (06/03/2025, 12:58:57 UTC)
Source: CVE Database V5
Vendor/Project: Python Software Foundation
Product: CPython

Description

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to "data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

AI-Powered Analysis

AI analysis last updated: 07/11/2025, 01:49:32 UTC

Technical Analysis

CVE-2025-4330 is a high-severity path traversal vulnerability (CWE-22) in the Python Software Foundation's CPython implementation, specifically affecting the tarfile module's extraction functionality. The vulnerability arises when using the TarFile.extractall() or TarFile.extract() methods with the filter parameter set to "data" or "tar". This flaw allows attackers to bypass the intended extraction filters, enabling symlink targets within tar archives to point outside the designated extraction directory. Consequently, an attacker can manipulate file metadata or place files arbitrarily on the filesystem, potentially overwriting critical files or planting malicious payloads. This issue is particularly relevant starting with Python 3.14, where the default filter value changed to "data", meaning that even default extraction calls may be affected if relying on this behavior. The vulnerability does not significantly impact the installation of source distributions since those already permit arbitrary code execution during build processes, but it raises concerns when extracting untrusted tar archives in general. The CVSS v3.1 score of 7.5 reflects a high severity, with network attack vector, low attack complexity, no privileges or user interaction required, and impact limited to integrity compromise without affecting confidentiality or availability. No known exploits are currently reported in the wild, but the vulnerability poses a serious risk for applications that programmatically extract untrusted tar archives using the affected Python versions (0, 3.10.0 through 3.14.0a1).

Potential Impact

For European organizations, this vulnerability presents a significant risk, especially for those relying on Python-based applications or automation scripts that handle tar archive extraction. The ability to write files outside the intended directory can lead to unauthorized modification of system or application files, potentially enabling privilege escalation, persistence mechanisms, or tampering with critical data. Industries such as finance, healthcare, and government, which often process large volumes of data and use Python for automation, are particularly vulnerable. The integrity compromise could disrupt business operations, lead to data corruption, or facilitate further attacks. Since no authentication or user interaction is required, attackers can exploit this remotely if the vulnerable functionality is exposed via network services or automated pipelines processing untrusted archives. The change in default behavior in Python 3.14 increases the attack surface, as developers may be unaware that their extraction code is now vulnerable by default. This could lead to widespread exposure in European organizations adopting the latest Python versions without adequate review. Additionally, supply chain security is at risk if malicious tar archives are introduced during software distribution or update processes.

Mitigation Recommendations

European organizations should immediately audit their use of the tarfile module in Python applications, focusing on calls to TarFile.extractall() and TarFile.extract() with the filter parameter set to "data" or "tar" or relying on the default filter behavior in Python 3.14 and later. Mitigation steps include:
1) Avoid extracting untrusted tar archives or ensure archives are from verified, trusted sources.
2) Implement strict validation of tar archive contents before extraction, including checking for symlinks and path traversal attempts.
3) Use sandboxed or isolated environments for extraction processes to limit potential damage.
4) Upgrade to patched Python versions once available or apply vendor-provided patches promptly.
5) If upgrading is not immediately possible, consider using alternative extraction libraries or custom extraction logic that enforces strict path sanitization.
6) Incorporate security scanning and static analysis tools to detect unsafe extraction patterns in codebases.
7) Educate developers about the changed default filter behavior in Python 3.14 to prevent inadvertent exposure.
8) Monitor systems for unexpected file modifications or suspicious activity related to tar extraction.
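As an added example (not code from the advisory or from CPython), the following Python implements mitigation steps 2 and 5: it audits every member of an archive for absolute paths, parent-directory escapes, and symlink or hard-link targets that resolve outside the destination before any extraction happens, and only then calls extractall() with the "data" filter where this interpreter provides it. The destination path /tmp/extract-demo is an assumed placeholder, the sample archive is constructed in memory, and nothing is written to disk.

```python
import io
import os
import tarfile

def _inside(dest: str, path: str) -> bool:
    # resolve both sides with realpath so ".." segments and existing symlinks are normalised
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, path))
    return target == dest_real or target.startswith(dest_real + os.sep)

def audit_members(tf: tarfile.TarFile, dest: str) -> list:
    """Return (member name, reason) for each member that must not be extracted."""
    problems = []
    for m in tf.getmembers():
        if os.path.isabs(m.name) or not _inside(dest, m.name):
            problems.append((m.name, "member path escapes destination"))
        elif m.issym() or m.islnk():
            # hard-link targets are archive-relative; symlink targets are relative to the link's directory
            target = m.linkname if m.islnk() else os.path.join(os.path.dirname(m.name), m.linkname)
            if os.path.isabs(m.linkname) or not _inside(dest, target):
                problems.append((m.name, f"link target {m.linkname!r} escapes destination"))
        elif not (m.isfile() or m.isdir()):
            problems.append((m.name, f"unexpected member type {m.type!r}"))
    return problems

def safe_extractall(tf: tarfile.TarFile, dest: str) -> None:
    """Audit first; only then extract, adding the 'data' filter where this Python has it."""
    problems = audit_members(tf, dest)
    if problems:
        raise ValueError(f"refusing to extract: {problems}")
    tf.extractall(dest, **({"filter": "data"} if hasattr(tarfile, "data_filter") else {}))

def _symlink(name: str, target: str) -> tarfile.TarInfo:
    info = tarfile.TarInfo(name)
    info.type, info.linkname = tarfile.SYMTYPE, target
    return info

def build_sample_archive() -> bytes:
    """Constructed in-memory sample: two benign members followed by three hostile ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        tf.addfile(tarfile.TarInfo("data/file.txt"))             # empty regular file
        tf.addfile(_symlink("data/sub/link_ok", "../file.txt"))  # resolves inside dest
        tf.addfile(_symlink("escape_link", "../../etc/passwd"))  # relative escape
        tf.addfile(_symlink("abs_link", "/etc/passwd"))          # absolute target
        tf.addfile(tarfile.TarInfo("../outside.txt"))            # path traversal in name
    return buf.getvalue()

def flagged_names(dest: str = "/tmp/extract-demo") -> list:
    with tarfile.open(fileobj=io.BytesIO(build_sample_archive()), mode="r") as tf:
        return sorted(name for name, _ in audit_members(tf, dest))
```

The audit is independent of the built-in filter, so it still rejects the three hostile members on interpreters where the filter itself is affected by this CVE.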


Technical Details

Data Version: 5.1
Assigner Short Name: PSF
Date Reserved: 2025-05-05T15:05:14.302Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 683eff8d182aa0cae27db842

Added to database: 6/3/2025, 1:58:37 PM

Last enriched: 7/11/2025, 1:49:32 AM

Last updated: 8/11/2025, 11:03:54 PM
