CVE-2025-47273

Published May 17, 2025

Last updated 10 months ago

Overview

Description
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
Source
security-advisories@github.com
NVD status
Analyzed
Products
setuptools, debian_linux

Risk scores

CVSS 4.0

Type
Secondary
Base score
7.7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-22

Social media

Hype score
Not currently trending
  1. I just solved VariaType on Hack The Box! Enumeration to get the initial reverse shell, analysis of the cron jobs after getting the reverse shell, privilege escalation via CVE-2025-47273. I learned a lot. https://t.co/yC03LUoiwf #HackTheBox #HTB #CyberSecurity

    @qrdgA5za3jgwPCf

    21 Mar 2026

    144 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Security Advisory: Multiple critical vulnerabilities identified in #Python pip package manager (CVE-2025-47273+, USN-8010-1). Affects #Ubuntu LTS releases 16.04-20.04. Read more: 👉 https://t.co/tIWLiW1lNy #Security https://t.co/eFjSLofq2k

    @Cezar_H_Linux

    9 Feb 2026

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2025-47273: Critical Python setuptools vuln in OL9 (ELSA-2025-12834). ⚠️ Risk: Build pipeline compromise via malicious packages ✅ Patch: python3.12-setuptools-68.2.2-5.el9_6 ⏬ DL: https://t.co/YwmsKMu73Q Read more: 👉 https://t.co/5TWB0IzHn6 htt

    @Cezar_H_Linux

    8 Aug 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🔓 CVE-2025-47273: Moderate-risk flaw in #OracleLinux7 python3-setuptools (CVSS 6.8). ⚠️ Allows arbitrary code execution via poisoned packages. 🛠️ PATCH NOW: yum install python3-setuptools-39.2.0-10.0.5.el7 Read more: 👉 https://t.co/jFXqkXlkm2 https://t.co/4fe028Go

    @Cezar_H_Linux

    6 Aug 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Critical Oracle Linux 9 patch: ELSA-2025-11463 fixes fence-agents DoS flaw (CVE-2025-47273). Impacts HA clusters! 🔧 Patches: KubeVirt power hardening + 43 RPMs ⏱️ Patch NOW to prevent failover failures: Read more: 👉 https://t.co/aft2RY11yS #LinuxSecurity #SysAdm

    @Cezar_H_Linux

    23 Jul 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. URGENT: #Fedora41’s PyPy update fixes: CVE-2025-47273 (Path traversal) CVE-2024-47081 (.netrc leak) CVE-2025-50181 (urllib3 redirects) Update: sudo dnf upgrade --advisory FEDORA-2025-9b8da6ad7e Read more:👉 https://t.co/57SitW9GHj #DevSecOps https://t.co/65THK56L34

    @Cezar_H_Linux

    20 Jul 2025

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. URGENT: Fedora 42 #CVE-2025-47273 patch drops for MinGW-Python setuptools. Exploits allow SYSTEM FILE OVERWRITES. Read more: 👉 https://t.co/F1F8qsqsM2 #LinuxSecurity #Infosec https://t.co/WtiiyWa3aj

    @Cezar_H_Linux

    23 Jun 2025

    24 Impressions

    1 Retweet

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. 🚨 CVE-2025-47273 Alert 🚨 Critical path traversal vuln in #Fedora42's python-setuptools patched. Risk: malicious packages could escape their directories. Update NOW: sudo dnf upgrade --advisory FEDORA-2025-1c17f3520b Read more: 👉 https://t.co/4i7tywFAK3 #LinuxSecurity #Py

    @Cezar_H_Linux

    19 Jun 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 CVE-2025-47273 exposes Python setup tools, risking arbitrary file writes and remote code execution. Outdated Docker images using version 65.5.1 are vulnerable. Upgrade to 78.1.1 to stay secure. 🔐 #Python #Security #US https://t.co/2UOL6Bnh5P

    @TweetThreatNews

    14 Jun 2025

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 CVE-2025-47273 Alert! High-severity flaw in python310-setuptools (CVSS 7.7) affects SUSE Linux. Patch via: zypper in -t patch [version] Read more: 👉 https://t.co/pVrLKIMD6U #LinuxSecurity #DevOps https://t.co/yFgO8E9lm7

    @Cezar_H_Linux

    27 May 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚀 URGENT: Patch Python Setuptools now! CVE-2025-47273 (CVSS 7.7) lets attackers write arbitrary files via path traversal. Affects: ✅ SUSE Linux 15 SP4-SP6 ✅ openSUSE Leap 15.4/15.6 ✅ Cloud Modules Read more: 👉 https://t.co/67vDthBv8Q #InfoSec #LinuxSecurity http

    @Cezar_H_Linux

    27 May 2025

    28 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 CVE-2025-47273 Alert! Python-setuptools path traversal flaw (CVSS 7.7) allows arbitrary file writes in SUSE Linux 12, HPC, and SAP systems. Patch now: Read more: 👉 https://t.co/gwVckvrFCK #Infosec #Python #LinuxSecurity https://t.co/cuSXabuF9d

    @Cezar_H_Linux

    24 May 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. ‼️ CVE-2025-47273 Alert ‼️ #PythonSetuptools has a path traversal bug (CVSS 7.7) affecting #SUSE Linux. Attackers can overwrite files remotely—patch ASAP! 📌 Read more: 👉https://t.co/D2GFO0fmme #Infosec #SysAdmin https://t.co/FFNSmpP8NX

    @Cezar_H_Linux

    24 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. I had left it alone for a while, but moved to setuptools==78.1.1 to address CVE-2025-47273.

    @sanmamama_

    21 May 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-47273 setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is pre… https://t.co/CDHPUhbCOa

    @CVEnew

    17 May 2025

    489 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations