CVE-2025-71176

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-71176
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71176.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-71176
Aliases
Downstream
Related
Published
2026-01-22T05:16:17.577Z
Modified
2026-05-02T08:14:14.487148735Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.

References

Affected packages

Git / github.com/pytest-dev/pytest

Affected ranges

Type
GIT
Repo
https://github.com/pytest-dev/pytest
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3d10b5148e03eb82b3ee29181dbdc73cf82699e2
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.2"
        }
    ]
}

Affected versions

1.*
1.0.0b3
1.1.0
1.1.1
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.3.3
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.1.2
2.1.3
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.4.0
2.4.1
2.4.2
2.5.0
2.5.1
2.5.2
2.6.0
2.6.1
2.6.2
2.6.3
2.7.0
2.8.0
2.8.1
2.8.2
2.8.3
2.8.5
3.*
3.1.3
6.*
6.2.0.dev0
6.3.0.dev0
7.*
7.1.0.dev0
7.2.0.dev0
7.4.0.dev0
8.*
8.0.0.dev0
8.1.0.dev0
8.2.0.dev0
8.3.0
8.3.0.dev0
8.5.0.dev0
9.*
9.0.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71176.json"