VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-w518-7svn-ybfu

Essentials
Severities (85)
References (24)
Severity details (20)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-w518-7svn-ybfu
Aliases	CVE-2025-0938
Summary	python: cpython: URL parser allowed square brackets in domain names
Status	Published
Exploitability	0.5
Weighted Severity	6.1
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-20

Improper Input Validation

System	Score	Found at
cvssv3	6.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0938.json
epss	0.00606	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00606	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00606	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00606	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00606	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00606	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00606	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00606	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00606	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00707	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00707	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00707	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00707	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00707	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00707	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01024	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01039	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01039	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01039	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01039	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01039	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01039	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01039	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01039	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01039	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01039	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
epss	0.01159	https://api.first.org/data/v1/epss?cve=CVE-2025-0938
cvssv3.1	4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv4	6.3	https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba
ssvc	Track	https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba
cvssv4	6.3	https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403
ssvc	Track	https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403
cvssv4	6.3	https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568
ssvc	Track	https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568
cvssv4	6.3	https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab
ssvc	Track	https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab
cvssv4	6.3	https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a
ssvc	Track	https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a
cvssv4	6.3	https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32
ssvc	Track	https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32
cvssv4	6.3	https://github.com/python/cpython/issues/105704
ssvc	Track	https://github.com/python/cpython/issues/105704
cvssv4	6.3	https://github.com/python/cpython/pull/129418
ssvc	Track	https://github.com/python/cpython/pull/129418
cvssv4	6.3	https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/
ssvc	Track	https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0938.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-0938
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0938
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.netapp.com/advisory/ntap-20250314-0002/
105704		https://github.com/python/cpython/issues/105704
129418		https://github.com/python/cpython/pull/129418
2343237		https://bugzilla.redhat.com/show_bug.cgi?id=2343237
526617ed68cde460236c973e5d0a8bad4de896ba		https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba
90e526ae67b172ed7c6c56e7edad36263b0f9403		https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403
a7084f6075c9595ba60119ce8c62f1496f50c568		https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568
b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab		https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab
CVE-2025-0938		https://nvd.nist.gov/vuln/detail/CVE-2025-0938
d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a		https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a
ff4e5c25666f63544071a6b075ae8b25c98b7a32		https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32
K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB		https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/
RHSA-2025:6977		https://access.redhat.com/errata/RHSA-2025:6977
RHSA-2025:7107		https://access.redhat.com/errata/RHSA-2025:7107
RHSA-2025:7109		https://access.redhat.com/errata/RHSA-2025:7109
RHSA-2025:8385		https://access.redhat.com/errata/RHSA-2025:8385
USN-7280-1		https://usn.ubuntu.com/7280-1/
USN-7280-2		https://usn.ubuntu.com/7280-2/
USN-7348-1		https://usn.ubuntu.com/7348-1/
USN-7348-2		https://usn.ubuntu.com/7348-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0938.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N Found at https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/ Found at https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N Found at https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/ Found at https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N Found at https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/ Found at https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N Found at https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/ Found at https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N Found at https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/ Found at https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N Found at https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/ Found at https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N Found at https://github.com/python/cpython/issues/105704

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/ Found at https://github.com/python/cpython/issues/105704

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N Found at https://github.com/python/cpython/pull/129418

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/ Found at https://github.com/python/cpython/pull/129418

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N Found at https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:16Z/ Found at https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/

Exploit Prediction Scoring System (EPSS)

Percentile	0.67143
EPSS Score	0.00606
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-03-28T05:42:46.288667+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0938.json	36.0.0