vulnerability
Rocky Linux: CVE-2025-4435: python39-3.9 (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Dec 18, 2025 | Feb 5, 2026 | Feb 11, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
Dec 18, 2025
Added
Feb 5, 2026
Modified
Feb 11, 2026
Description
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.
Solutions
rocky-upgrade-cython-debugsourcerocky-upgrade-numpy-debugsourcerocky-upgrade-python-cffi-debugsourcerocky-upgrade-python-cryptography-debugsourcerocky-upgrade-python-lxml-debugsourcerocky-upgrade-python-psutil-debugsourcerocky-upgrade-python-psycopg2-debugsourcerocky-upgrade-python3rocky-upgrade-python3-debugrocky-upgrade-python3-develrocky-upgrade-python3-idlerocky-upgrade-python3-libsrocky-upgrade-python3-testrocky-upgrade-python3-tkinterrocky-upgrade-python3.11rocky-upgrade-python3.11-debugrocky-upgrade-python3.11-debuginforocky-upgrade-python3.11-debugsourcerocky-upgrade-python3.11-develrocky-upgrade-python3.11-idlerocky-upgrade-python3.11-libsrocky-upgrade-python3.11-testrocky-upgrade-python3.11-tkinterrocky-upgrade-python3.12rocky-upgrade-python3.12-debugrocky-upgrade-python3.12-debuginforocky-upgrade-python3.12-debugsourcerocky-upgrade-python3.12-develrocky-upgrade-python3.12-idlerocky-upgrade-python3.12-libsrocky-upgrade-python3.12-testrocky-upgrade-python3.12-tkinterrocky-upgrade-python39rocky-upgrade-python39-cffirocky-upgrade-python39-cffi-debuginforocky-upgrade-python39-cryptographyrocky-upgrade-python39-cryptography-debuginforocky-upgrade-python39-cythonrocky-upgrade-python39-cython-debuginforocky-upgrade-python39-debugrocky-upgrade-python39-debuginforocky-upgrade-python39-debugsourcerocky-upgrade-python39-develrocky-upgrade-python39-idlerocky-upgrade-python39-libsrocky-upgrade-python39-lxmlrocky-upgrade-python39-lxml-debuginforocky-upgrade-python39-mod_wsgirocky-upgrade-python39-numpyrocky-upgrade-python39-numpy-debuginforocky-upgrade-python39-numpy-f2pyrocky-upgrade-python39-psutilrocky-upgrade-python39-psutil-debuginforocky-upgrade-python39-psycopg2rocky-upgrade-python39-psycopg2-debuginforocky-upgrade-python39-psycopg2-docrocky-upgrade-python39-psycopg2-testsrocky-upgrade-python39-pybind11rocky-upgrade-python39-pybind11-develrocky-upgrade-python39-pyyamlrocky-upgrade-python39-pyyaml-debuginforocky-upgrade-python39-scipyrocky-upgrade-python39-scipy-debuginforocky-upgrade-python39-testrocky-upgrade-python39-tkinterrocky-upgrade-pyyaml-debugsourcerocky-upgrade-scipy-debugsource
References
- CVE-2025-4435
- https://attackerkb.com/topics/CVE-2025-4435
- CWE-682
- URL-https://errata.rockylinux.org/RLSA-2025:10026
- URL-https://errata.rockylinux.org/RLSA-2025:10031
- URL-https://errata.rockylinux.org/RLSA-2025:10140
- URL-https://errata.rockylinux.org/RLSA-2025:10148
- URL-https://errata.rockylinux.org/RLSA-2025:10189
- URL-https://errata.rockylinux.org/RLSA-2025:23530
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.