
CVE-2025-4517: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Python Software Foundation CPython

Critical
Tags: Vulnerability, CVE-2025-4517, CWE-22
Published: Tue Jun 03 2025 (06/03/2025, 12:58:50 UTC)
Source: CVE Database V5
Vendor/Project: Python Software Foundation
Product: CPython

Description

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to "data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

AI-Powered Analysis

Last updated: 07/11/2025, 02:01:12 UTC

Technical Analysis

CVE-2025-4517 is a critical path traversal vulnerability (CWE-22) in the tarfile module of the Python Software Foundation's CPython. It allows an attacker who can supply a tar archive to write arbitrary files outside the intended extraction directory when that archive is extracted with TarFile.extractall() or TarFile.extract() and the filter parameter set to "data" or "tar". Those filters are meant to confine every member to the destination directory, but their checks on where a member will actually be written can be bypassed by a crafted archive, so files are created or overwritten anywhere the Python process has write access. Starting with Python 3.14 the default filter changed from no filtering to "data", so code that relies on the default is affected as well. The CVE record lists affected CPython versions from 0 through 3.14.0a1, that is, every release up to that point. Source distributions (which are commonly tar archives) are less of a concern, since building one already permits arbitrary code execution, but the vulnerability is a significant risk wherever untrusted tar archives are extracted. The CVSS v3.1 score is 9.4 (critical), reflecting a network attack vector, no required privileges or user interaction, high impact on confidentiality and integrity, and low impact on availability. No exploitation in the wild has been reported, but a malicious archive is trivial to construct and an arbitrary file write is severe: an attacker who can overwrite configuration, startup scripts, or code that the process later loads can gain code execution, escalate privileges, or disrupt operations.

Potential Impact

For European organizations, this vulnerability presents a severe risk, especially those relying on Python for automation, data processing, or software deployment that involves extracting tar archives from untrusted or external sources. Successful exploitation can lead to unauthorized modification or creation of critical files, resulting in data breaches, system compromise, or service disruption. Given Python's widespread use in enterprise environments, including financial services, healthcare, government, and technology sectors across Europe, the potential for lateral movement and persistent compromise is significant. Organizations using Python 3.14 or later are particularly at risk due to the default filter change increasing exposure. The vulnerability could be exploited in supply chain attacks, where malicious tar archives are introduced during software updates or third-party integrations. Additionally, critical infrastructure and cloud service providers in Europe that utilize Python-based tooling may face operational risks and regulatory consequences under GDPR if sensitive data is compromised.

Mitigation Recommendations

European organizations should immediately audit their Python environments for calls to tarfile's extractall() or extract() on archives that cross a trust boundary, whether the filter parameter is set to "data" or "tar" or left at its default in Python 3.14+. Mitigations include: 1) Do not extract tar archives from untrusted sources where this can be avoided; where it cannot, validate every member before extraction: reject absolute names, ".." path components, and symlink and hardlink members, and confirm that the resolved destination of each member stays inside the target directory. 2) Upgrade to a CPython release that includes the fix. Downgrading is not a mitigation, since the affected range covers all earlier releases, and dropping the filter parameter (or passing "fully_trusted") removes the remaining checks rather than adding any. 3) Run extraction with the least privilege possible: a dedicated low-privilege user, a container or sandbox, and a fresh scratch directory, so that an escape from the extraction directory cannot reach anything of value. 4) Monitor filesystem changes and audit logs for writes outside designated extraction directories. 5) Educate developers and DevOps teams that an extraction filter is a mitigation, not a substitute for treating archive contents as untrusted input, and enforce this in code review. 6) If patching is not immediately feasible, extract with an external tool or library whose path restrictions have been reviewed rather than relying on the affected filter. 7) Review and harden CI/CD pipelines and software supply chains so that tar archives consumed during builds and deployments come only from verified sources.


Technical Details

Data Version
5.1
Assigner Short Name
PSF
Date Reserved
2025-05-09T15:05:07.139Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 683eff8d182aa0cae27db844

Added to database: 6/3/2025, 1:58:37 PM

Last enriched: 7/11/2025, 2:01:12 AM

Last updated: 8/16/2025, 11:38:50 AM
