{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-4435","assignerOrgId":"28c92f92-d60d-412d-b760-e73465c3df22","state":"PUBLISHED","assignerShortName":"PSF","dateReserved":"2025-05-08T15:05:11.874Z","datePublished":"2025-06-03T12:59:06.792Z","dateUpdated":"2026-04-21T20:16:34.166Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["tarfile"],"product":"CPython","repo":"https://github.com/python/cpython","vendor":"Python Software Foundation","versions":[{"version":"0","lessThan":"3.10.18","status":"affected","versionType":"python"},{"version":"3.11.0","lessThan":"3.11.13","status":"affected","versionType":"python"},{"version":"3.12.0","lessThan":"3.12.11","status":"affected","versionType":"python"},{"version":"3.13.0","lessThan":"3.13.4","status":"affected","versionType":"python"},{"version":"3.14.0a1","lessThan":"3.14.0b3","status":"affected","versionType":"python"}]}],"credits":[{"lang":"en","type":"reporter","value":"Chuck Woodraska"},{"lang":"en","type":"remediation developer","value":"Petr Viktorin"},{"lang":"en","type":"remediation developer","value":"Serhiy Storchaka"},{"lang":"en","type":"remediation reviewer","value":"Hugo van Kemenade"},{"lang":"en","type":"remediation reviewer","value":"Łukasz Langa"},{"lang":"en","type":"remediation reviewer","value":"Thomas Wouters"},{"lang":"en","type":"coordinator","value":"Seth Larson"},{"lang":"en","type":"remediation developer","value":"Matt Prodani"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">When using </span><code>TarFile.errorlevel = 0</code><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;and extracting with a filter, the documented behavior is that any filtered members would be skipped and not extracted. 
However, the actual behavior of </span><code>TarFile.errorlevel = 0</code><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;in affected versions is that the member would still be extracted and not skipped.</span><br>"}],"value":"When using TarFile.errorlevel = 0 and extracting with a filter, the documented behavior is that any filtered members would be skipped and not extracted. However, the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"28c92f92-d60d-412d-b760-e73465c3df22","shortName":"PSF","dateUpdated":"2026-04-21T20:16:34.166Z"},"references":[{"tags":["issue-tracking"],"url":"https://github.com/python/cpython/issues/135034"},{"tags":["patch"],"url":"https://github.com/python/cpython/pull/135037"},{"tags":["vendor-advisory"],"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/463
3f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"},{"tags":["patch"],"url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"}],"source":{"discovery":"UNKNOWN"},"title":"Tarfile extracts filtered members when errorlevel=0","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-682","lang":"en","description":"CWE-682 Incorrect Calculation"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-03T13:58:00.099450Z","id":"CVE-2025-4435","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-03T14:34:40.228Z"}}]}}