Description

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

INFO

Published Date :

2025-05-17T15:46:11.399Z

Last Modified :

2025-05-28T15:03:15.516Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-47273 vulnerability.

Vendors Products
Debian
  • Debian Linux
Python
  • Setuptools
Redhat
  • Enterprise Linux
  • Rhdh
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-47273.

URL Resource
https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88 cve-icon cve-icon cve-icon
https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b cve-icon cve-icon cve-icon
https://github.com/pypa/setuptools/issues/4946 cve-icon cve-icon cve-icon cve-icon
https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-47273 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-47273 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact