
CVE-2025-4330: High Vulnerability in Python tarfile Module

CVE-2025-4330 is a high-severity vulnerability affecting the Python tarfile module. It allows attackers to bypass extraction filters, leading to unauthorized file access and metadata modification. Immediate remediation is essential.

HIGH · Public Exploit · CVSS 7.5 · Published June 3, 2025


CVE-2025-4330 is classified as a high-severity vulnerability with a CVSS score of 7.5. This vulnerability allows the extraction filter to be ignored, permitting symlink targets to point outside the destination directory and enabling modification of some file metadata. It primarily affects users of the Python tarfile module when extracting untrusted tar archives using `TarFile.extractall()` or `TarFile.extract()` with the `filter=` parameter set to "data" or "tar".

For Python versions 3.14 and later, the default value of `filter=` changed from "no filtering" to "data", so code that relies on the new default behavior is also vulnerable. While these vulnerabilities do not significantly impact the installation of source distributions, it is crucial to avoid installing any suspicious source distributions, as they may lead to arbitrary code execution.

Organizations should prioritize patching immediately to mitigate risks associated with this vulnerability. The potential impact includes unauthorized access to sensitive files and modification of critical file metadata.
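Beyond patching, a defensive extraction routine for untrusted archives, added here as an example and not part of this advisory or of the Python project: it runs the built-in `data` filter and then refuses every link member outright, so even a bypassed filter cannot place a symlink whose target lies outside the destination. It assumes Python 3.12+ or a release carrying the filter backport (an identity fallback is used otherwise) and uses a constructed sample archive.

```python
import io
import os
import tarfile
import tempfile

# Built-in 'data' filter (3.12+, backported); identity fallback if absent (assumption).
_data_filter = getattr(tarfile, "data_filter", lambda member, dest_path: member)
_REJECT = (ValueError, getattr(tarfile, "FilterError", ValueError))

def strict_filter(member, dest_path):
    """'data' filter, then refuse all links outright: a bypassed filter writes no link."""
    member = _data_filter(member, dest_path)
    if member.issym() or member.islnk():
        raise ValueError(f"link refused: {member.name!r} -> {member.linkname!r}")
    if not (member.isfile() or member.isdir()):
        raise ValueError(f"special file refused: {member.name!r}")
    return member

def extract_untrusted(archive, dest):
    """Extract only vetted members; return (accepted names, [(name, reason), ...])."""
    accepted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for member in tar.getmembers():
            try:
                accepted.append(strict_filter(member, dest))
            except _REJECT as exc:
                rejected.append((member.name, str(exc)))
        try:
            tar.extractall(path=dest, members=accepted, filter=strict_filter)
        except TypeError:  # interpreter without the filter= parameter
            tar.extractall(path=dest, members=accepted)
    return [m.name for m in accepted], rejected

def build_sample_archive():
    """Constructed test archive: one benign file plus a symlink escaping the destination."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info, payload = tarfile.TarInfo("pkg/README.txt"), b"hello\n"
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
        link = tarfile.TarInfo("pkg/link")
        link.type, link.linkname = tarfile.SYMTYPE, "../../outside"  # resolves above dest
        tar.addfile(link)
    return buf.getvalue()

def run_demo():
    dest = tempfile.mkdtemp()  # fresh destination directory
    accepted, rejected = extract_untrusted(build_sample_archive(), dest)
    with open(os.path.join(dest, "pkg", "README.txt"), "rb") as fh:
        return accepted, [name for name, _ in rejected], fh.read()
```

Rejected members are reported rather than silently skipped, so an archive that trips the check can be logged and quarantined instead of partially installed.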

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
