CVE-2025-4517
Weakness (CWE)
CVSS Vector (v3.1): AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: Low
Description
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to "data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives, as source distributions already allow arbitrary code execution during the build process. However, when evaluating source distributions it is important to avoid installing source distributions with suspicious links.
Comprehensive Technical Analysis of CVE-2025-4517
1. Vulnerability Assessment and Severity Evaluation
CVE ID: CVE-2025-4517
CVSS Score: 9.4
Severity Evaluation: The CVSS score of 9.4 indicates a critical vulnerability. This high score is due to the potential for arbitrary filesystem writes outside the intended extraction directory, which can lead to significant security risks, including data corruption, unauthorized access, and potential code execution.
2. Potential Attack Vectors and Exploitation Methods
Attack Vectors:
- Untrusted Tar Archives: An attacker could craft a malicious tar archive designed to exploit the vulnerability by including files with paths that point outside the intended extraction directory.
- Supply Chain Attacks: Malicious actors could inject compromised tar archives into the software supply chain, affecting downstream users who extract these archives.
Exploitation Methods:
- Path Traversal: By manipulating the file paths within the tar archive, an attacker can write files to arbitrary locations on the filesystem.
- Data Manipulation: An attacker could overwrite critical system files or configuration files, leading to system instability or unauthorized access.
3. Affected Systems and Software Versions
Affected Systems:
- Systems using Python's tarfile module to extract untrusted tar archives.
- Specifically, systems using TarFile.extractall() or TarFile.extract() with the filter= parameter set to "data" or "tar".
Software Versions:
- Python versions prior to 3.14 are affected if the filter= parameter is explicitly set to "data" or "tar".
- Python 3.14 and later are affected if relying on the new default behavior where filter= is set to "data".
4. Recommended Mitigation Strategies
Immediate Mitigation:
- Avoid Using Untrusted Archives: Do not extract tar archives from untrusted sources.
- Manual Filtering: Implement custom filtering logic to sanitize file paths before extraction.
- Update Python: Ensure that the Python environment is updated to the latest version where this vulnerability is addressed.
Long-Term Mitigation:
- Code Review: Review and update codebases to ensure that the filter= parameter is set appropriately and that extraction logic is secure.
- Security Audits: Conduct regular security audits of codebases and dependencies to identify and mitigate similar vulnerabilities.
5. Impact on Cybersecurity Landscape
Broader Implications:
- Supply Chain Security: This vulnerability highlights the importance of securing the software supply chain, as compromised archives can propagate through various stages of software development and deployment.
- Code Execution Risks: Although the vulnerability does not directly lead to code execution, the ability to write arbitrary files can be leveraged to achieve code execution through other means.
- Increased Awareness: The high CVSS score and the nature of the vulnerability underscore the need for vigilant security practices, especially when handling file archives.
6. Technical Details for Security Professionals
Vulnerability Details:
- The vulnerability arises from the tarfile module's handling of the filter= parameter during extraction. When set to "data" or "tar", the module allows files to be written outside the intended extraction directory.
- The default behavior change in Python 3.14, where filter= is set to "data", exacerbates the issue for users relying on the default settings.
Exploitation Example:
import tarfile

# Example of a vulnerable extraction: the "data" filter alone is trusted to
# keep every member inside the destination, which is what this CVE breaks
with tarfile.open('malicious.tar', 'r') as tar:
    tar.extractall(path='/extract/here', filter='data')
Mitigation Example:
import os
import tarfile

def is_within_directory(directory, target):
    # Compare normalised absolute paths component-wise; os.path.commonprefix
    # compares characters and would accept a sibling such as /extract/here2
    abs_directory = os.path.abspath(directory)
    abs_target = os.path.abspath(target)
    return os.path.commonpath([abs_directory, abs_target]) == abs_directory

def safe_extract(tar, path="."):
    # Reject any member whose name would resolve outside the extraction directory.
    # Only member names are checked here; symlink and hard-link targets are not.
    for member in tar.getmembers():
        member_path = os.path.join(path, member.name)
        if not is_within_directory(path, member_path):
            raise Exception("Attempted Path Traversal in Tar File")
        tar.extract(member, path)

# Example of a safe extraction
with tarfile.open('safe.tar', 'r') as tar:
    safe_extract(tar, path='/extract/here')
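Added here as an illustration, not code from the advisory or from CPython: a pre-extraction vetting step for the "Manual Filtering" and "Code Review" advice in section 4 and the mitigation example above, extending the name check to symlink and hard-link targets, which a name-only check does not cover. The destination /tmp/out and the sample archive are constructed for the demonstration and the archive is built in memory, so nothing is written to disk.

```python
import io
import os
import tarfile

def _resolves_inside(dest, relative):
    # Normalise dest/relative and require it to stay under dest (no filesystem access needed)
    dest_abs = os.path.abspath(dest)
    target = os.path.abspath(os.path.join(dest_abs, relative))
    return os.path.commonpath([dest_abs, target]) == dest_abs

def check_member(member, dest):
    # Return None when the member may be extracted under dest, otherwise a short reason
    if os.path.isabs(member.name) or not _resolves_inside(dest, member.name):
        return "name escapes destination"
    if member.issym():
        # A symlink target is relative to the directory that holds the link itself
        target = os.path.join(os.path.dirname(member.name), member.linkname)
        if os.path.isabs(member.linkname) or not _resolves_inside(dest, target):
            return "symlink target escapes destination"
    if member.islnk() and not _resolves_inside(dest, member.linkname):
        return "hard link target escapes destination"  # hard link targets are archive-relative
    return None  # names are checked statically, not against links already on disk

def vet_archive(data, dest):
    # Split an in-memory archive into accepted member names and (name, reason) rejections
    safe, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tar:
        for m in tar.getmembers():
            reason = check_member(m, dest)
            if reason:
                rejected.append((m.name, reason))
            else:
                safe.append(m.name)
    return safe, rejected

def build_sample_archive():
    # Constructed sample: two benign members, a '../' name and a symlink pointing outside
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tar:
        info = tarfile.TarInfo("docs/readme.txt")
        info.size = 6
        tar.addfile(info, io.BytesIO(b"hello\n"))
        alias = tarfile.TarInfo("docs/alias")
        alias.type, alias.linkname = tarfile.SYMTYPE, "readme.txt"
        tar.addfile(alias)
        tar.addfile(tarfile.TarInfo("../escape.txt"))
        link = tarfile.TarInfo("docs/link")
        link.type, link.linkname = tarfile.SYMTYPE, "../../outside"
        tar.addfile(link)
    return buf.getvalue()
```

Only the accepted names would then be passed to TarFile.extractall(members=...), so a rejected member is never handed to the extractor at all.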
Conclusion:
CVE-2025-4517 represents a significant risk to systems using Python's tarfile module for extracting untrusted archives. Immediate mitigation strategies include avoiding untrusted archives, implementing custom filtering, and updating Python. Long-term, organizations should focus on securing their software supply chains and conducting regular security audits to prevent similar vulnerabilities.