Which versions of Python are affected by CVE-2025-8672?

CVE-2025-8672 presents moderate security risk, a incorrect default permissions vulnerability rated CVSS 4.8. Attackers could gain access beyond their authorized level.. A patch is available.

How to fix or mitigate CVE-2025-8672?

During next maintenance window: Identify affected systems and apply vendor patches when convenient. Review and tighten file/resource permissions.

Python CVE-2025-8672

Q: What is the CVSS score of CVE-2025-8672?

CVE-2025-8672 has a CVSS 4.0 base score of 4.8 (Medium). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

MEDIUM

Incorrect Default Permissions (CWE-276)

2025-08-11 cvd@cert.pl

Python Apple Privilege Escalation Gimp macOS Suse

4.8

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

4.8 MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

SUSE

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch released

Apr 09, 2026 - 08:30 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 19:06 vuln.today

CVE Published

Aug 11, 2025 - 13:15 nvd

MEDIUM 4.8

DescriptionCVE.org

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of GIMP, potentially disguising attacker's malicious intent.

This issue has been fixed in 3.1.4.2 version of GIMP.

AnalysisAI

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of GIMP, potentially disguising attacker's malicious intent. This issue has been fixed in 3.1.4.2 version of GIMP. Affected products include: Gimp.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.

More from same product – last 7 days

CVE-2026-48039 CRITICAL Act Now POC

9.1 Jun 11

Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API ac

CVE-2026-45833 CRITICAL Act Now

9.4 Jun 12

Authenticated remote code execution in ChromaDB Python project versions 0.4.17 and later enables attackers holding the U

CVE-2026-48031 CRITICAL Act Now

9.1 Jun 10

Authentication bypass in dhax/go-base Go REST API boilerplate (versions prior to commit cc82b974, merged May 17, 2026) a

CVE-2026-11393 HIGH This Week

8.8 Jun 08

Remote code execution in AWS AgentCore CLI before v0.14.2 allows authenticated attackers to inject Python code via craft

CVE-2026-20251 HIGH This Week

8.8 Jun 10

Remote code execution in Splunk Enterprise, Splunk Cloud Platform, and the Splunk Secure Gateway app allows a low-privil

Vendor StatusVendor

SUSE

Severity: High

Product	Status
SUSE Linux Enterprise Desktop 15 SP7	Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7	Fixed
SUSE Linux Enterprise Server 15 SP7	Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP7	Fixed
SUSE Linux Enterprise Workstation Extension 15 SP7	Fixed

CVE-2025-8672 vulnerability details – vuln.today

Back

openSUSE Leap 15.6	Fixed
SUSE Linux Enterprise Server 15 SP4	Fixed
SUSE Linux Enterprise Server 15 SP5	Fixed
SUSE Linux Enterprise Server 15 SP6	Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP6	Fixed
SUSE Linux Enterprise Desktop 15 SP4	Fixed
SUSE Linux Enterprise Desktop 15 SP5	Fixed
SUSE Linux Enterprise Desktop 15 SP6	Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP4	Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5	Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6	Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP4	Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP5	Fixed
SUSE Linux Enterprise Workstation Extension 15 SP4	Fixed
SUSE Linux Enterprise Workstation Extension 15 SP5	Fixed
SUSE Linux Enterprise Workstation Extension 15 SP6	Fixed
openSUSE Leap 15.4	Fixed
openSUSE Leap 15.5	Fixed

Python CVE-2025-8672

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code