Description

If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.

INFO

Published Date :

2025-10-31T16:41:34.983Z

Last Modified :

2025-10-31T17:55:40.240Z

Source :

PSF
AFFECTED PRODUCTS

The following products are affected by CVE-2025-6075 vulnerability.

Vendors Products
Python
  • Cpython
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-6075.

URL Resource
https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c cve-icon cve-icon
https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84 cve-icon cve-icon
https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca cve-icon cve-icon
https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742 cve-icon cve-icon
https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba cve-icon cve-icon
https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c cve-icon cve-icon
https://github.com/python/cpython/issues/136065 cve-icon cve-icon cve-icon
https://mail.python.org/archives/list/[email protected]/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-6075 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-6075 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact