Amazon Linux 2023: CVE-2025-6075: Low priority package update for python3.9 (Multiple Advisories)

Severity: 2
CVSS: (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Published: Oct 31, 2025
Added: Dec 9, 2025
Modified: Dec 9, 2025

Description

If the value passed to os.path.expandvars() is user-controlled, a performance degradation is possible when expanding environment variables.

This is a vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.
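For code that has to expand variables in user-controlled strings, the sketch below shows one defensive pattern: cap the input, expand only allowlisted names, and do it in a single pass. It is an added example, not code from the advisory or from CPython; `bounded_expandvars`, `ExpansionRejected` and both limits are hypothetical names and values chosen for illustration.

```python
import os
import re

# Assumed limits for this example; tune them to the application.
MAX_INPUT_LEN = 4096
MAX_REFERENCES = 64

# POSIX-style references only: $NAME or ${NAME}.
_VAR_RE = re.compile(
    r"\$(?:\{([A-Za-z_][A-Za-z0-9_]*)\}|([A-Za-z_][A-Za-z0-9_]*))"
)


class ExpansionRejected(ValueError):
    """Raised when untrusted input exceeds the configured limits."""


def bounded_expandvars(text, allowed, environ=None):
    """Expand $NAME / ${NAME} in one left-to-right pass.

    Only names in `allowed` are substituted; anything else stays as
    literal text. Substituted values are never rescanned, so the cost
    does not grow with nesting in the input.
    """
    env = os.environ if environ is None else environ
    if len(text) > MAX_INPUT_LEN:
        raise ExpansionRejected("input longer than MAX_INPUT_LEN")
    if text.count("$") > MAX_REFERENCES:
        raise ExpansionRejected("too many '$' references")

    def substitute(match):
        name = match.group(1) or match.group(2)
        if name in allowed and name in env:
            return env[name]
        return match.group(0)  # unknown or disallowed: keep literal text

    return _VAR_RE.sub(substitute, text)
```

Rejected input raises `ExpansionRejected`, which the caller can log and count as a signal of abusive requests.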

Solutions

amazon-linux-2023-upgrade-python3
amazon-linux-2023-upgrade-python3-11
amazon-linux-2023-upgrade-python3-11-debug
amazon-linux-2023-upgrade-python3-11-debuginfo
amazon-linux-2023-upgrade-python3-11-debugsource
amazon-linux-2023-upgrade-python3-11-devel
amazon-linux-2023-upgrade-python3-11-idle
amazon-linux-2023-upgrade-python3-11-libs
amazon-linux-2023-upgrade-python3-11-test
amazon-linux-2023-upgrade-python3-11-tkinter
amazon-linux-2023-upgrade-python3-12
amazon-linux-2023-upgrade-python3-12-debug
amazon-linux-2023-upgrade-python3-12-debuginfo
amazon-linux-2023-upgrade-python3-12-debugsource
amazon-linux-2023-upgrade-python3-12-devel
amazon-linux-2023-upgrade-python3-12-idle
amazon-linux-2023-upgrade-python3-12-libs
amazon-linux-2023-upgrade-python3-12-test
amazon-linux-2023-upgrade-python3-12-tkinter
amazon-linux-2023-upgrade-python3-13
amazon-linux-2023-upgrade-python3-13-debug
amazon-linux-2023-upgrade-python3-13-debuginfo
amazon-linux-2023-upgrade-python3-13-debugsource
amazon-linux-2023-upgrade-python3-13-devel
amazon-linux-2023-upgrade-python3-13-freethreading
amazon-linux-2023-upgrade-python3-13-freethreading-debug
amazon-linux-2023-upgrade-python3-13-idle
amazon-linux-2023-upgrade-python3-13-libs
amazon-linux-2023-upgrade-python3-13-test
amazon-linux-2023-upgrade-python3-13-tkinter
amazon-linux-2023-upgrade-python3-9-debuginfo
amazon-linux-2023-upgrade-python3-9-debugsource
amazon-linux-2023-upgrade-python3-debug
amazon-linux-2023-upgrade-python3-devel
amazon-linux-2023-upgrade-python3-idle
amazon-linux-2023-upgrade-python3-libs
amazon-linux-2023-upgrade-python3-test
amazon-linux-2023-upgrade-python3-tkinter
amazon-linux-2023-upgrade-python-unversioned-command