Insecure Temporary File (CWE-377)
2025-06-26
security@debian.org
3.9
CVSS 3.1 · NVD
Severity by source
NVD
PRIMARY
3.9
LOW
AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Ubuntu
MEDIUM
qualitative
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Lifecycle Timeline
4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 23:54 euvd
EUVD-2015-0860
Analysis Generated
Mar 15, 2026 - 23:54 vuln.today
CVE Published
Jun 26, 2025 - 22:15 nvd
LOW 3.9
DescriptionCVE.org
pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.
Analysis
pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.
Technical ContextAI
This vulnerability is classified as Insecure Temporary File (CWE-377).
RemediationAI
Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.
Same weakness CWE-377 – Insecure Temporary File
View allSame technique Information Disclosure
View allVendor StatusVendor
Ubuntu
Priority: Mediumpycode-browser
| Release | Status | Version |
|---|---|---|
| bionic | not-affected | 1:1.0-2 |
| cosmic | not-affected | 1:1.0-2 |
| disco | not-affected | 1:1.0-2 |
| precise | DNE | - |
| upstream | released | 1:1.0-1 |
| utopic | ignored | end of life |
| vivid | ignored | end of life |
| wily | not-affected | 1:1.0-2 |
| xenial | not-affected | 1:1.0-2 |
| yakkety | not-affected | 1:1.0-2 |
| zesty | not-affected | 1:1.0-2 |
| artful | not-affected | 1:1.0-2 |
| trusty | DNE | trusty/esm was DNE [trusty was needed] |
Debian
Bug #790365pycode-browser
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 1:1.02+git20181006-5 | - |
| bookworm | fixed | 1:1.03-1 | - |
| forky, sid, trixie | fixed | 1:1.03-3 | - |
| (unstable) | fixed | 1:1.0-1 | unimportant |
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).
EUVD-2015-0860