CVE-2025-8291: Vulnerability in Python Software Foundation CPython
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.
AI Analysis
Technical Summary
The vulnerability in CPython's 'zipfile' module relates to how the ZIP64 EOCD Locator record offset is handled. Instead of using the offset to locate the ZIP64 EOCD record, the module assumes it is the previous record in the archive. This can cause inconsistencies in how ZIP archives are processed compared to other ZIP tools. The fix involves validating that the offset in the ZIP64 EOCD Locator matches the expected value, preserving the original logic but adding a correctness check. This issue affects multiple CPython versions including 3.11.0 through 3.14.0.
Potential Impact
This vulnerability may allow specially crafted ZIP archives to be handled differently by the 'zipfile' module than by other ZIP implementations. While it does not directly lead to confidentiality, integrity, or availability compromise, it introduces a potential for inconsistent processing which could be leveraged in scenarios requiring ZIP archive validation or security checks. The CVSS score of 4.3 reflects a low to medium impact with no direct confidentiality or availability impact and limited integrity impact.
Mitigation Recommendations
No official patch or update link is currently provided. The vendor's remediation approach maintains the original behavior but adds validation of the ZIP64 EOCD Locator offset. Users should monitor the Python Software Foundation advisories for an official patch or update. Until then, be cautious when processing untrusted ZIP64 archives with the 'zipfile' module. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
CVE-2025-8291: Vulnerability in Python Software Foundation CPython
Description
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in CPython's 'zipfile' module relates to how the ZIP64 EOCD Locator record offset is handled. Instead of using the offset to locate the ZIP64 EOCD record, the module assumes it is the previous record in the archive. This can cause inconsistencies in how ZIP archives are processed compared to other ZIP tools. The fix involves validating that the offset in the ZIP64 EOCD Locator matches the expected value, preserving the original logic but adding a correctness check. This issue affects multiple CPython versions including 3.11.0 through 3.14.0.
Potential Impact
This vulnerability may allow specially crafted ZIP archives to be handled differently by the 'zipfile' module than by other ZIP implementations. While it does not directly lead to confidentiality, integrity, or availability compromise, it introduces a potential for inconsistent processing which could be leveraged in scenarios requiring ZIP archive validation or security checks. The CVSS score of 4.3 reflects a low to medium impact with no direct confidentiality or availability impact and limited integrity impact.
Mitigation Recommendations
No official patch or update link is currently provided. The vendor's remediation approach maintains the original behavior but adds validation of the ZIP64 EOCD Locator offset. Users should monitor the Python Software Foundation advisories for an official patch or update. Until then, be cautious when processing untrusted ZIP64 archives with the 'zipfile' module. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- PSF
- Date Reserved
- 2025-07-28T21:05:06.237Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68e558f4a677756fc99b5208
Added to database: 10/7/2025, 6:16:20 PM
Last enriched: 4/22/2026, 5:43:05 AM
Last updated: 5/10/2026, 12:45:57 AM
Views: 868
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.