QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-8194

Back to search

CVE-2025-8194

Published: Jul 28, 2025

Modified: Apr 21, 2026

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module:  https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1

VendorProductVersions

Python Software Foundation

CPython

affected
0 - < 3.10.19
affected
3.11.0 - < 3.11.14
affected
3.12.0 - < 3.12.12
affected
3.13.0 - < 3.13.6
affected
3.14.0a1 - < 3.14.0rc2

Weaknesses (CWE)

CWE-835

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now