vulnerability
Oracle Linux: CVE-2025-6075: ELSA-2025-23342: python3.9 security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:N/I:N/A:P) | Oct 31, 2025 | Dec 22, 2025 | Dec 29, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:P)
Published
Oct 31, 2025
Added
Dec 22, 2025
Modified
Dec 29, 2025
Description
If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment
variables.
A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.
performance degradation is possible when expanding environment
variables.
A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.
Solutions
oracle-linux-upgrade-python3oracle-linux-upgrade-python39oracle-linux-upgrade-python39-attrsoracle-linux-upgrade-python39-cffioracle-linux-upgrade-python39-chardetoracle-linux-upgrade-python39-cryptographyoracle-linux-upgrade-python39-cythonoracle-linux-upgrade-python39-debugoracle-linux-upgrade-python39-develoracle-linux-upgrade-python39-idleoracle-linux-upgrade-python39-idnaoracle-linux-upgrade-python39-iniconfigoracle-linux-upgrade-python39-libsoracle-linux-upgrade-python39-lxmloracle-linux-upgrade-python39-mod-wsgioracle-linux-upgrade-python39-more-itertoolsoracle-linux-upgrade-python39-numpyoracle-linux-upgrade-python39-numpy-docoracle-linux-upgrade-python39-numpy-f2pyoracle-linux-upgrade-python39-packagingoracle-linux-upgrade-python39-piporacle-linux-upgrade-python39-pip-wheeloracle-linux-upgrade-python39-pluggyoracle-linux-upgrade-python39-plyoracle-linux-upgrade-python39-psutiloracle-linux-upgrade-python39-psycopg2oracle-linux-upgrade-python39-psycopg2-docoracle-linux-upgrade-python39-psycopg2-testsoracle-linux-upgrade-python39-pyoracle-linux-upgrade-python39-pybind11oracle-linux-upgrade-python39-pybind11-develoracle-linux-upgrade-python39-pycparseroracle-linux-upgrade-python39-pymysqloracle-linux-upgrade-python39-pyparsingoracle-linux-upgrade-python39-pysocksoracle-linux-upgrade-python39-pytestoracle-linux-upgrade-python39-pyyamloracle-linux-upgrade-python39-requestsoracle-linux-upgrade-python39-rpm-macrosoracle-linux-upgrade-python39-scipyoracle-linux-upgrade-python39-setuptoolsoracle-linux-upgrade-python39-setuptools-wheeloracle-linux-upgrade-python39-sixoracle-linux-upgrade-python39-testoracle-linux-upgrade-python39-tkinteroracle-linux-upgrade-python39-tomloracle-linux-upgrade-python39-urllib3oracle-linux-upgrade-python39-wcwidthoracle-linux-upgrade-python39-wheeloracle-linux-upgrade-python39-wheel-wheeloracle-linux-upgrade-python3-debugoracle-linux-upgrade-python3-develoracle-linux-upgrade-python3-idleoracle-linux-upgrade-python3-libsoracle-linux-upgrade-python3-testoracle-linux-upgrade-python3-tkinteroracle-linux-upgrade-python-unversioned-command
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.