CVE-2025-4330

EUVD-2025-16737 | HIGH
2025-06-03 | [email protected]
CVSS 3.1 base score: 7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd) - Patch available
Analysis Generated: Mar 14, 2026 - 17:04 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 17:04 (euvd) - EUVD-2025-16737
CVE Published: Jun 03, 2025 - 13:15 (nvd) - HIGH 7.5

Description

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to "data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions, which are tar archives, as source distributions already allow arbitrary code execution during the build process. However, when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

Analysis

CVE-2025-4330 is a path traversal vulnerability in Python's tarfile module extraction filters that allows attackers to bypass the 'data' and 'tar' filter protections, enabling symlink targets to point outside the extraction directory and permitting modification of file metadata. It affects any application using TarFile.extractall() or TarFile.extract() with filter='data' or filter='tar' on untrusted tar archives, as well as Python 3.14+ users relying on the new 'data' default filter. The vulnerability has a CVSS score of 7.5 (High) with high integrity impact, though exploitation requires an attacker to control the tar archive contents.

Technical Context

The Python tarfile module is the standard library for reading and writing tar archives. The vulnerability exists in the extraction filter mechanism introduced to prevent path traversal attacks (CWE-22: Improper Limitation of a Pathname to a Restricted Directory). The 'data' and 'tar' filters were designed to prevent symlink/hardlink targets from escaping the destination directory and to restrict metadata modifications. This CVE reveals that the filter implementation can be circumvented, allowing attackers to craft malicious tar archives where symlinks point to arbitrary locations on the filesystem and metadata (permissions, ownership, timestamps) can be altered despite the filters being active. The root cause is CWE-22 (Path Traversal), indicating insufficient validation of symlink destinations and metadata constraints during extraction.

Affected Products

Python tarfile module in versions supporting extraction filters (Python 3.11.4+, 3.12.0+, 3.13.0+ where filters were introduced). Specifically affected: (1) Any Python 3.11.4, 3.12.0, 3.13.0+ application using TarFile.extractall(filter='data') or TarFile.extractall(filter='tar'); (2) Python 3.14+ applications not explicitly setting filter parameter (new default 'data' filter); (3) All operating systems running affected Python versions (CPE scope: cpe:2.3:a:python:python:*). Third-party applications affected include: pip (if using tarfile for source distribution extraction), conda, artifact management systems, container image extraction tools, and any software performing untrusted tar extraction. The vulnerability does NOT significantly affect source distribution installation since build processes already permit arbitrary code execution.

Remediation

Immediate mitigation: (1) For Python <3.14: Explicitly specify filter='utf8' or filter=None with strict path validation instead of filter='data' or filter='tar' until patches are available; (2) For Python 3.14+: Explicitly set filter='utf8' instead of relying on the new 'data' default; (3) Implement application-level validation of extracted paths and symlink targets before extraction; (4) Apply Python security updates once released (consult https://www.python.org/downloads/security/ for patch availability; CVE-2025-4330 details will be published with version-specific fixes); (5) Avoid extracting untrusted tarballs or use sandboxing/containerization to limit symlink/metadata modification impact. Long-term: Update to patched Python versions when released; audit all tarfile usage in codebases to ensure appropriate filter selection based on trust model.
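
Item (3) of the remediation above, application-level validation of paths and symlink targets before extraction, as an added example. This is not CPython's code or vuln.today's, and the archive it checks is constructed inside the block. It rejects members whose names or link targets resolve outside the destination, refuses to write a later member through an earlier link member, strips setuid/setgid/sticky bits and archive-supplied ownership, and only then hands the survivors to extractall() with the built-in 'data' filter as a second layer on interpreters that have it. The function names and rejection strings are this example's own, and it assumes POSIX semantics (os.getuid, symlinks).

```python
"""Added defensive example for CVE-2025-4330 (not CPython or vuln.today code):
validate tar members in the application, then let the 'data' filter run too."""
import io
import os
import posixpath
import stat
import tarfile
import tempfile

# Permission bits an untrusted archive must never be allowed to set.
DANGEROUS_MODE_BITS = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX


def escapes_root(path):
    """True if an archive-relative POSIX path would leave the archive root."""
    norm = posixpath.normpath(path)
    return posixpath.isabs(norm) or norm == ".." or norm.startswith("../")


def check_member(member, seen_links):
    """Return None if acceptable, else a rejection reason. seen_links holds the
    names of earlier link members: a path under one is a write through a link."""
    name = member.name
    if escapes_root(name):
        return "name escapes destination"
    if member.isdev():
        return "device or fifo member"
    parts = name.split("/")
    if any("/".join(parts[:i]) in seen_links for i in range(1, len(parts))):
        return "path passes through a link member"
    if member.issym():
        # A symlink target resolves relative to the link's own directory.
        if posixpath.isabs(member.linkname):
            return "absolute symlink target"
        if escapes_root(posixpath.join(posixpath.dirname(name), member.linkname)):
            return "symlink target escapes destination"
    elif member.islnk() and escapes_root(member.linkname):
        # A hardlink target resolves relative to the archive root.
        return "hardlink target escapes destination"
    return None


def safe_extract(archive_bytes, dest):
    """Extract only members that pass check_member; return {name: reason}."""
    verdicts, approved, seen_links = {}, [], set()
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            reason = check_member(member, seen_links)
            verdicts[member.name] = reason
            if member.issym() or member.islnk():
                seen_links.add(member.name)
            if reason is not None:
                continue
            # Ownership and special mode bits are attacker-controlled metadata:
            # replace them with the extracting user's identity and plain bits.
            member.uid, member.gid = os.getuid(), os.getgid()
            member.uname = member.gname = ""
            member.mode &= ~DANGEROUS_MODE_BITS
            approved.append(member)
        # Keep the built-in 'data' filter as a second layer where it exists.
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, members=approved, **extra)
    return verdicts


def build_sample_archive():
    """Constructed sample: setuid file, safe symlink, escaping symlink, file under it."""
    buf = io.BytesIO()
    payload = b"hello\n"
    with tarfile.open(fileobj=buf, mode="w") as tar:
        regular = tarfile.TarInfo("data/hello.txt")
        regular.size, regular.mode = len(payload), 0o4755
        tar.addfile(regular, io.BytesIO(payload))
        safe_link = tarfile.TarInfo("data/link")
        safe_link.type, safe_link.linkname = tarfile.SYMTYPE, "hello.txt"
        tar.addfile(safe_link)
        escape = tarfile.TarInfo("data/escape")
        escape.type, escape.linkname = tarfile.SYMTYPE, "../../outside"
        tar.addfile(escape)
        through = tarfile.TarInfo("data/escape/file.txt")
        through.size = len(payload)
        tar.addfile(through, io.BytesIO(payload))
    return buf.getvalue()


def run_demo():
    """Extract the sample into a temp dir and report what actually landed."""
    with tempfile.TemporaryDirectory() as dest:
        verdicts = safe_extract(build_sample_archive(), dest)
        hello = os.path.join(dest, "data", "hello.txt")
        link = os.path.join(dest, "data", "link")
        return {
            "verdicts": verdicts,
            "hello_has_setuid": bool(os.stat(hello).st_mode & stat.S_ISUID),
            "link_target": os.readlink(link) if os.path.islink(link) else None,
            "escape_present": os.path.lexists(os.path.join(dest, "data", "escape")),
        }
```

Recording a verdict per member rather than raising keeps an audit trail of what was skipped; replace the continue with an exception if any rejected member should abort the whole extraction of an untrusted archive.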

Priority Score

38 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.3
CVSS: +38
POC: 0

Vendor Status

Ubuntu

Priority: Medium
python2.7

| Release | Status | Version |
| --- | --- | --- |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| bionic | not-affected | code not present |
| focal | not-affected | code not present |
| jammy | not-affected | code not present |
| trusty | not-affected | code not present |
| xenial | not-affected | code not present |
| questing | DNE | - |

python3.4

| Release | Status | Version |
| --- | --- | --- |
| jammy | DNE | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| trusty | not-affected | code not present |
| questing | DNE | - |

python3.5

| Release | Status | Version |
| --- | --- | --- |
| jammy | DNE | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| trusty | not-affected | code not present |
| xenial | not-affected | code not present |
| questing | DNE | - |

python3.6

| Release | Status | Version |
| --- | --- | --- |
| jammy | DNE | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| bionic | not-affected | code not present |
| questing | DNE | - |

python3.7

| Release | Status | Version |
| --- | --- | --- |
| jammy | DNE | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| bionic | not-affected | code not present |
| questing | DNE | - |

python3.8

| Release | Status | Version |
| --- | --- | --- |
| jammy | DNE | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| bionic | not-affected | code not present |
| focal | not-affected | code not present |
| questing | DNE | - |

python3.9

| Release | Status | Version |
| --- | --- | --- |
| jammy | DNE | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| focal | not-affected | code not present |
| questing | DNE | - |

python3.10

| Release | Status | Version |
| --- | --- | --- |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| jammy | not-affected | code not present |
| questing | DNE | - |

python3.11

| Release | Status | Version |
| --- | --- | --- |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| jammy | not-affected | code not present |
| questing | DNE | - |

python3.12

| Release | Status | Version |
| --- | --- | --- |
| jammy | DNE | - |
| noble | released | 3.12.3-1ubuntu0.7 |
| oracular | released | 3.12.7-1ubuntu2.2 |
| plucky | DNE | - |
| upstream | needs-triage | - |
| questing | DNE | - |

python3.13

| Release | Status | Version |
| --- | --- | --- |
| jammy | DNE | - |
| noble | DNE | - |
| oracular | released | 3.13.0-1ubuntu0.3 |
| plucky | released | 3.13.3-1ubuntu0.2 |
| upstream | released | 3.13.4 |
| questing | not-affected | 3.13.5 |

python3.14

| Release | Status | Version |
| --- | --- | --- |
| jammy | DNE | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | released | 3.14.0b3 |
| questing | released | 3.14.0-1 |

Debian

jython

| Release | Status | Fixed Version | Urgency |
| --- | --- | --- | --- |
| bullseye | fixed | 2.7.2+repack1-3 | - |
| forky, sid, bookworm, trixie | fixed | 2.7.3+repack1-1 | - |
| (unstable) | not-affected | - | - |

pypy3

| Release | Status | Fixed Version | Urgency |
| --- | --- | --- | --- |
| bullseye | not-affected | - | - |
| bullseye (security) | fixed | 7.3.5+dfsg-2+deb11u5 | - |
| bookworm | vulnerable | 7.3.11+dfsg-2+deb12u3 | - |
| trixie | vulnerable | 7.3.19+dfsg-2 | - |
| forky, sid | fixed | 7.3.20+dfsg-4 | - |
| experimental | fixed | 7.3.20+dfsg-1 | - |
| (unstable) | fixed | 7.3.20+dfsg-2 | - |

python2.7

| Release | Status | Fixed Version | Urgency |
| --- | --- | --- | --- |
| bullseye | fixed | 2.7.18-8+deb11u1 | - |
| (unstable) | not-affected | - | - |

python3.11

| Release | Status | Fixed Version | Urgency |
| --- | --- | --- | --- |
| bookworm | not-affected | - | - |
| bookworm (security) | fixed | 3.11.2-6+deb12u3 | - |
| (unstable) | fixed | (unfixed) | - |

python3.13

| Release | Status | Fixed Version | Urgency |
| --- | --- | --- | --- |
| trixie | fixed | 3.13.5-2 | - |
| forky, sid | fixed | 3.13.12-1 | - |
| (unstable) | fixed | 3.13.4-1 | - |

python3.9

| Release | Status | Fixed Version | Urgency |
| --- | --- | --- | --- |
| bullseye | fixed | 3.9.2-1 | - |
| bullseye (security) | fixed | 3.9.2-1+deb11u5 | - |
| (unstable) | not-affected | - | - |

python3.12

| Release | Status | Fixed Version | Urgency |
| --- | --- | --- | --- |
| (unstable) | fixed | (unfixed) | - |


CVE-2025-4330 vulnerability details – vuln.today
