Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-huaj-nmge-kuaj
Vulnerability ID VCID-huaj-nmge-kuaj
Aliases CVE-2025-4330
Summary
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
System Score Found at
cvssv3 7.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4330.json
epss 0.01012 https://api.first.org/data/v1/epss?cve=CVE-2025-4330
epss 0.01012 https://api.first.org/data/v1/epss?cve=CVE-2025-4330
epss 0.01012 https://api.first.org/data/v1/epss?cve=CVE-2025-4330
cvssv3.1 8.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
ssvc Track https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
cvssv3.1 7.5 https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
ssvc Track https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
cvssv3.1 7.5 https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
ssvc Track https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
cvssv3.1 7.5 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
ssvc Track https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
cvssv3.1 7.5 https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
ssvc Track https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
cvssv3.1 7.5 https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
ssvc Track https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
cvssv3.1 7.5 https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
ssvc Track https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
cvssv3.1 7.5 https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
ssvc Track https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
cvssv3.1 7.5 https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1
ssvc Track https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1
cvssv3.1 7.5 https://github.com/python/cpython/issues/135034
ssvc Track https://github.com/python/cpython/issues/135034
cvssv3.1 7.5 https://github.com/python/cpython/pull/135037
ssvc Track https://github.com/python/cpython/pull/135037
cvssv3.1 7.5 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
ssvc Track https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4330.json
https://api.first.org/data/v1/epss?cve=CVE-2025-4330
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
135034 https://github.com/python/cpython/issues/135034
135037 https://github.com/python/cpython/pull/135037
19de092debb3d7e832e5672cc2f7b788d35951da https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
2370014 https://bugzilla.redhat.com/show_bug.cgi?id=2370014
28463dba112af719df1e8b0391c46787ad756dd9 https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
52398e33eff261329a0180ac1d54f42f https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
9c1110ef6652687d7c55f590f909720eddde965a https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
aa9eb5f757ceff461e6e996f12c89e5d9b583b01 https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
dd8f187d0746da151e0025c51680979ac5b4cfb1 https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1
GLSA-202506-07 https://security.gentoo.org/glsa/202506-07
MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
RHSA-2025:10026 https://access.redhat.com/errata/RHSA-2025:10026
RHSA-2025:10028 https://access.redhat.com/errata/RHSA-2025:10028
RHSA-2025:10031 https://access.redhat.com/errata/RHSA-2025:10031
RHSA-2025:10128 https://access.redhat.com/errata/RHSA-2025:10128
RHSA-2025:10136 https://access.redhat.com/errata/RHSA-2025:10136
RHSA-2025:10140 https://access.redhat.com/errata/RHSA-2025:10140
RHSA-2025:10148 https://access.redhat.com/errata/RHSA-2025:10148
RHSA-2025:10189 https://access.redhat.com/errata/RHSA-2025:10189
RHSA-2025:10399 https://access.redhat.com/errata/RHSA-2025:10399
RHSA-2025:10484 https://access.redhat.com/errata/RHSA-2025:10484
RHSA-2025:10602 https://access.redhat.com/errata/RHSA-2025:10602
RHSA-2025:13267 https://access.redhat.com/errata/RHSA-2025:13267
RHSA-2025:23530 https://access.redhat.com/errata/RHSA-2025:23530
RHSA-2025:9918 https://access.redhat.com/errata/RHSA-2025:9918
USN-7583-1 https://usn.ubuntu.com/7583-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4330.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/ Found at https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/ Found at https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/ Found at https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/ Found at https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/ Found at https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/ Found at https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/ Found at https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/ Found at https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/ Found at https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/python/cpython/issues/135034
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/ Found at https://github.com/python/cpython/issues/135034
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/python/cpython/pull/135037
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/ Found at https://github.com/python/cpython/pull/135037
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/ Found at https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
Exploit Prediction Scoring System (EPSS)
Percentile 0.77549
EPSS Score 0.01012
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:13:19.754734+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 38.6.0