What is the CVSS score of CVE-2025-71176?

CVE-2025-71176 has a CVSS 3.1 base score of 6.8 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Red Hat are affected by CVE-2025-71176?

CVE-2025-71176 presents notable security risk rated CVSS 6.8. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2025-71176?

Yes, a public proof-of-concept exploit is available for CVE-2025-71176. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-71176?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Red Hat CVE-2025-71176

MEDIUM

Creation of Temporary File in Directory with Insecure Permissions (CWE-379)

2026-01-22 cve@mitre.org

Denial Of Service Red Hat Suse

6.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch released

Apr 09, 2026 - 08:30 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 22, 2026 - 05:16 nvd

MEDIUM 6.8

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

13,690 pypi packages depend on pytest (9,654 direct, 4,223 indirect)

Ecosystem-wide dependent count for version 9.0.3.

DescriptionNVD

pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.

AnalysisAI

pytest versions up to 9.0.2 contains a vulnerability that allows attackers to cause a denial of service or possibly gain privileges (CVSS 6.8).

Technical ContextAI

affects pytest. pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.