CVE-2025-6075

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-6075

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6075.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-6075

Aliases

Downstream

DEBIAN-CVE-2025-6075

DLA-4445-1

ECHO-a643-f216-2dc6

MINI-5f54-qcm5-6c7f

MINI-5fcj-rqg4-3pmh

MINI-jc79-x7wh-h7qw

MINI-q66w-gmvc-pfc4

MINI-q8m9-wcpp-cv9m

OESA-2025-2869

RHSA-2025:23342

RHSA-2025:23530

RLSA-2025:23342

RLSA-2025:23530

SUSE-SU-2025:4297-1

SUSE-SU-2025:4352-1

SUSE-SU-2025:4368-1

SUSE-SU-2025:4389-1

UBUNTU-CVE-2025-6075

USN-7886-1

USN-7886-2

openSUSE-SU-2025:15791-1

openSUSE-SU-2025:15792-1

Related

Published

2025-10-31T17:15:48.693Z

Modified

2026-02-07T05:28:31.878711Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Fixed

2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c

Introduced

ebf955df7a89ed0c7968f79faec1de49f61ed7cb

Fixed

57e0d177c26d4a508ef46adae9cbae46fca39f70

Fixed

5dceb93486176e6b4a6d9754491005113eb23427

Introduced

067145177975eadd61a0c907d0d177f7b6a5a3de

Fixed

627894459a84be3488a1789919679c997056a03c

Fixed

631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84

Fixed

892747b4cf0f95ba8beb51c0d0658bfaa381ebca

Fixed

9ab89c026aa9611c4b0b67c288b8303a480fe742

Fixed

9cf6752276e6fcfd0c23fdb064ad27f448aaaf75

Fixed

c8a5f3435c342964e0a432cc9fb448b7dbecd1ba

Fixed

f029e8db626ddc6e3a3beea4eff511a71aaceb5c

Affected versions

v3.*

v3.13.1

v3.13.10

v3.13.2

v3.13.3

v3.13.4

v3.13.5

v3.13.6

v3.13.7

v3.13.8

v3.13.9

v3.14.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6075.json"