QwikSec

Security Database

CVE

CWE

Training

CVE-2025-47273

Published: May 17, 2025

Modified: May 28, 2025

PUBLISHED

Description

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

Vendor	Product	Versions
pypa	setuptools	affected `< 78.1.1`

Weaknesses (CWE)

References

https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf

x_refsource_CONFIRM

https://github.com/pypa/setuptools/issues/4946

x_refsource_MISC

https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b

x_refsource_MISC

https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.