Description
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if you use the tarfile module to extract untrusted tar archives with TarFile.extractall() or TarFile.extract() and the filter= parameter set to "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities; earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to "data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives, as source distributions already allow arbitrary code execution during the build process. However, when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
EPSS Score: 0%
Comprehensive Technical Analysis of EUVD-2025-16736
1. Vulnerability Assessment and Severity Evaluation
Vulnerability Description:
The vulnerability EUVD-2025-16736 allows arbitrary filesystem writes outside the extraction directory during the extraction of tar archives using the tarfile module in Python. This issue arises when using the TarFile.extractall() or TarFile.extract() methods with the filter="data" parameter.
Severity Evaluation:
The vulnerability has a base score of 9.4 according to CVSS 3.1, which is considered critical. The vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L indicates:
- Attack Vector (AV): Network
- Attack Complexity (AC): Low
- Privileges Required (PR): None
- User Interaction (UI): None
- Scope (S): Unchanged
- Confidentiality (C): High
- Integrity (I): High
- Availability (A): Low
This high severity score underscores the potential for significant impact if exploited.
2. Potential Attack Vectors and Exploitation Methods
Attack Vectors:
- Untrusted Tar Archives: An attacker could craft a malicious tar archive that, when extracted, writes files to arbitrary locations on the filesystem.
- Supply Chain Attacks: Compromised tar archives could be distributed through software repositories or other supply chain mechanisms.
Exploitation Methods:
- Path Traversal: By manipulating the paths within the tar archive, an attacker could write files to sensitive locations, potentially overwriting critical system files or injecting malicious code.
- Privilege Escalation: If the extraction process runs with elevated privileges, the attacker could gain higher-level access to the system.
3. Affected Systems and Software Versions
Affected Versions:
- Python versions 3.12 or later are affected.
- Python 3.14 or later defaults filter= to "data", so code that relies on the default filter is affected as well.
Unaffected Versions:
- Python versions earlier than 3.12 do not include the extraction filter feature and are thus unaffected.
4. Recommended Mitigation Strategies
Immediate Mitigation:
- Avoid Using filter="data": Do not use the filter="data" parameter when extracting untrusted tar archives.
- Manual Inspection: Manually inspect tar archives before extraction, especially if they come from untrusted sources.
- Update Python: Ensure that you are using the latest patched version of Python that addresses this vulnerability.
Long-Term Mitigation:
- Implement Strict Validation: Implement strict validation and sanitization of tar archive contents before extraction.
- Use Secure Extraction Libraries: Consider using alternative libraries or tools that provide more secure extraction mechanisms.
- Regular Audits: Conduct regular security audits of your codebase to identify and mitigate similar vulnerabilities.
5. Impact on European Cybersecurity Landscape
Potential Impact:
- Widespread Use of Python: Given the widespread use of Python in various applications, including web development, data analysis, and scientific computing, this vulnerability could have a broad impact across multiple sectors.
- Supply Chain Risks: The vulnerability could be exploited in supply chain attacks, affecting the integrity and security of software distributions.
- Regulatory Compliance: Organizations must ensure compliance with regulations such as GDPR, which mandates robust security measures to protect personal data.
Mitigation Efforts:
- Collaboration: Collaboration between cybersecurity agencies, software vendors, and the open-source community is crucial to address and mitigate such vulnerabilities.
- Awareness Campaigns: Increase awareness among developers and organizations about the risks associated with untrusted tar archives and the importance of secure coding practices.
6. Technical Details for Security Professionals
Technical Overview:
- TarFile Module: The tarfile module in Python is used to read and write tar archives. The vulnerability arises from the way the module handles extraction with the filter="data" parameter.
- Extraction Filters: The filter parameter of the TarFile.extractall() and TarFile.extract() methods controls how members are extracted. The "data" filter is intended for safely extracting archives of ordinary data files, but in affected versions it still allows writes outside the extraction directory.
Code Example:
import tarfile

# Vulnerable code: relies on filter="data" alone on an unpatched Python
with tarfile.open('untrusted.tar', 'r') as tar:
    tar.extractall(filter="data")

# Safer code: keep filter="data" on a patched Python and also reject link members
def no_links_filter(member, dest_path):
    if member.issym() or member.islnk():
        raise tarfile.FilterError(f"link member {member.name!r} rejected")
    return tarfile.data_filter(member, dest_path)

with tarfile.open('untrusted.tar', 'r') as tar:
    tar.extractall(filter=no_links_filter)
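An added example (not code from the advisory or from CPython) of the pre-extraction validation recommended under 4. Recommended Mitigation Strategies: it builds a constructed in-memory archive and audits every member for a path or link target that would escape the destination directory, without writing anything to disk. The destination /srv/extract and all member names are constructed for the demonstration.

```python
import io
import os
import tarfile

def build_sample_archive() -> bytes:
    """Constructed test archive (not a real-world sample): a benign file and
    symlink, plus three members that would write or point outside dest."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name, payload=b"hello\n"):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
        def add_symlink(name, linkname):
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE
            info.linkname = linkname
            tar.addfile(info)
        add_file("pkg/README")
        add_symlink("pkg/readme-alias", "README")       # resolves inside pkg/
        add_file("../outside.txt")                       # '..' traversal
        add_file("/etc/cron.d/evil")                     # absolute path
        add_symlink("pkg/passwd", "../../etc/passwd")   # link escapes dest
    return buf.getvalue()

def audit_archive(archive_bytes: bytes, dest: str) -> dict[str, str]:
    """Pure path analysis, nothing is written: {member name: reason} for every
    member that would land, or point, outside dest."""
    dest = os.path.realpath(dest)
    def inside(path):
        return path == dest or path.startswith(dest + os.sep)
    findings = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        for m in tar.getmembers():
            target = os.path.realpath(os.path.join(dest, m.name))
            if os.path.isabs(m.name) or not inside(target):
                findings[m.name] = "path escapes destination"
            elif m.issym() or m.islnk():
                base = dest if m.islnk() else os.path.dirname(target)
                link = os.path.realpath(os.path.join(base, m.linkname))
                if os.path.isabs(m.linkname) or not inside(link):
                    findings[m.name] = "link target escapes destination"
            elif not (m.isreg() or m.isdir()):
                findings[m.name] = "device, fifo or other special member"
    return findings

if __name__ == "__main__":
    for name, why in audit_archive(build_sample_archive(), "/srv/extract").items():
        print(f"REJECT {name}: {why}")
```

On a patched Python the built-in "data" filter also rejects members like these at extraction time; running the audit first gives a dry run whose findings can be logged or used to refuse the whole archive before any write happens.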
Conclusion:
The vulnerability EUVD-2025-16736 poses a significant risk to systems using Python's tarfile module for extracting untrusted tar archives. Immediate mitigation strategies include avoiding the use of the filter="data" parameter and updating to patched versions of Python. Long-term measures involve implementing robust validation mechanisms and regular security audits. Collaboration and awareness campaigns are essential to mitigate the broader impact on the European cybersecurity landscape.