CVE-2025-6075
Severity: MEDIUM
WAF: Medium
CVSS 5.5
Published: 2025-10-31
CWE-400
If the value passed to os.path.expandvars() is user-controlled, a performance degradation is possible when expanding environment variables.
WAF Coverage Analysis
Uncontrolled Resource Consumption
Medium WAF Coverage
OWASP: A05:2021 Security Misconfiguration
912xxx - DOS Protection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| python | python | up to 3.9.0 |
| python | python | 3.13.1 - 3.13.11 |
| python | python | 3.14.0 - 3.14.1 |
| python | python | 3.15.0 |