Back to search
CVE-2025-6075
Published: Oct 31, 2025
Modified: Mar 3, 2026
PUBLISHED
Description
If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.
| Vendor | Product | Versions |
|---|---|---|
Python Software Foundation | CPython | affected 0 - < 3.10.20affected 3.11.0 - < 3.11.15affected 3.12.0 - < 3.12.13affected 3.13.0 - < 3.13.10affected 3.14.0 - < 3.14.1+1 more versions |
References
https://github.com/python/cpython/issues/136065
issue-tracking
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now