CVE-2025-6075

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-6075

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6075.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-6075

Aliases

Downstream

DEBIAN-CVE-2025-6075

DLA-4445-1

ECHO-a643-f216-2dc6

MINI-5f54-qcm5-6c7f

MINI-5fcj-rqg4-3pmh

MINI-jc79-x7wh-h7qw

MINI-q66w-gmvc-pfc4

MINI-q8m9-wcpp-cv9m

OESA-2025-2869

RHSA-2025:23342

RHSA-2025:23530

RLSA-2025:23342

RLSA-2025:23530

ROOT-OS-DEBIAN-12-CVE-2025-6075

ROOT-OS-DEBIAN-13-CVE-2025-6075

SUSE-SU-2025:21199-1

SUSE-SU-2025:21207-1

SUSE-SU-2025:4221-1

SUSE-SU-2025:4257-1

SUSE-SU-2025:4257-2

SUSE-SU-2025:4258-1

SUSE-SU-2025:4277-1

SUSE-SU-2025:4297-1

SUSE-SU-2025:4352-1

SUSE-SU-2025:4368-1

SUSE-SU-2025:4389-1

SUSE-SU-2025:4398-1

SUSE-SU-2025:4487-1

SUSE-SU-2026:0268-1

SUSE-SU-2026:0337-1

SUSE-SU-2026:0663-1

SUSE-SU-2026:20125-1

SUSE-SU-2026:20154-1

SUSE-SU-2026:20768-1

SUSE-SU-2026:20796-1

UBUNTU-CVE-2025-6075

USN-7886-1

USN-7886-2

openSUSE-SU-2025:15742-1

openSUSE-SU-2025:15748-1

openSUSE-SU-2025:15750-1

openSUSE-SU-2025:15760-1

openSUSE-SU-2025:15768-1

openSUSE-SU-2025:15791-1

openSUSE-SU-2025:15792-1

openSUSE-SU-2026:20081-1

Related

Published

2025-10-31T17:15:48.693Z

Modified

2026-03-25T17:44:18.851816Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type

GIT

Repo

https://github.com/python/cpython

Events

Introduced

Fixed

9cf6752276e6fcfd0c23fdb064ad27f448aaaf75

Introduced

067145177975eadd61a0c907d0d177f7b6a5a3de

Fixed

627894459a84be3488a1789919679c997056a03c

Introduced

ebf955df7a89ed0c7968f79faec1de49f61ed7cb

Fixed

57e0d177c26d4a508ef46adae9cbae46fca39f70

Fixed

2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c

Fixed

5dceb93486176e6b4a6d9754491005113eb23427

Fixed

631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84

Fixed

892747b4cf0f95ba8beb51c0d0658bfaa381ebca

Fixed

9ab89c026aa9611c4b0b67c288b8303a480fe742

Fixed

c8a5f3435c342964e0a432cc9fb448b7dbecd1ba

Fixed

f029e8db626ddc6e3a3beea4eff511a71aaceb5c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.9.0"
        },
        {
            "introduced": "3.13.1"
        },
        {
            "fixed": "3.13.11"
        },
        {
            "introduced": "3.14.0"
        },
        {
            "fixed": "3.14.1"
        }
    ]
}

Affected versions

v3.*

v3.13.1

v3.13.10

v3.13.2

v3.13.3

v3.13.4

v3.13.5

v3.13.6

v3.13.7

v3.13.8

v3.13.9

v3.14.0

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.15.0-alpha1"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6075.json"