vulnerability

FreeBSD: VID-475D1968-F99D-11EF-B382-B0416F0C4C67 (CVE-2025-27154): Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:C/I:C/A:N)	Feb 27, 2025	Mar 6, 2025	Apr 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:N)

Published

Feb 27, 2025

Added

Mar 6, 2025

Modified

Apr 11, 2025

Description

Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permissions. This leads to overly broad exposure of the spotify auth token. If this token can be read by an attacker (another user on the machine, or a process running as another user), it can be used to perform administrative actions on the Spotify account, depending on the scope granted to the token. Version 2.25.1 tightens the cache file permissions.

Solutions

freebsd-upgrade-package-py310-spotipyfreebsd-upgrade-package-py311-spotipyfreebsd-upgrade-package-py38-spotipyfreebsd-upgrade-package-py39-spotipy

References

NVD-CVE-2025-27154

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today