- Description: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
- Source: security-advisories@github.com
- NVD status: Analyzed
CVSS 4.0
- Type: Secondary
- Base score: 7.7
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- security-advisories@github.com
- CWE-22
- Hype score: Not currently trending
URGENT: Fedora 42 #CVE-2025-47273 patch drops for MinGW-Python setuptools. Exploits allow SYSTEM FILE OVERWRITES. Read more: 👉 https://t.co/F1F8qsqsM2 #LinuxSecurity #Infosec https://t.co/WtiiyWa3aj
@Cezar_H_Linux
23 Jun 2025
🚨 CVE-2025-47273 Alert 🚨 Critical path traversal vuln in #Fedora42's python-setuptools patched. Risk: malicious packages could escape their directories. Update NOW: sudo dnf upgrade --advisory FEDORA-2025-1c17f3520b Read more: 👉 https://t.co/4i7tywFAK3 #LinuxSecurity #Py
@Cezar_H_Linux
19 Jun 2025
🚨 CVE-2025-47273 exposes Python setup tools, risking arbitrary file writes and remote code execution. Outdated Docker images using version 65.5.1 are vulnerable. Upgrade to 78.1.1 to stay secure. 🔐 #Python #Security #US https://t.co/2UOL6Bnh5P
@TweetThreatNews
14 Jun 2025
🚨 CVE-2025-47273 Alert! High-severity flaw in python310-setuptools (CVSS 7.7) affects SUSE Linux. Patch via: zypper in -t patch [version] Read more: 👉 https://t.co/pVrLKIMD6U #LinuxSecurity #DevOps https://t.co/yFgO8E9lm7
@Cezar_H_Linux
27 May 2025
🚀 URGENT: Patch Python Setuptools now! CVE-2025-47273 (CVSS 7.7) lets attackers write arbitrary files via path traversal. Affects: ✅ SUSE Linux 15 SP4-SP6 ✅ openSUSE Leap 15.4/15.6 ✅ Cloud Modules Read more: 👉 https://t.co/67vDthBv8Q #InfoSec #LinuxSecurity http
@Cezar_H_Linux
27 May 2025
🚨 CVE-2025-47273 Alert! Python-setuptools path traversal flaw (CVSS 7.7) allows arbitrary file writes in SUSE Linux 12, HPC, and SAP systems. Patch now: Read more: 👉 https://t.co/gwVckvrFCK #Infosec #Python #LinuxSecurity https://t.co/cuSXabuF9d
@Cezar_H_Linux
24 May 2025
‼️ CVE-2025-47273 Alert ‼️ #PythonSetuptools has a path traversal bug (CVSS 7.7) affecting #SUSE Linux. Attackers can overwrite files remotely—patch ASAP! 📌 Read more: 👉 https://t.co/D2GFO0fmme #Infosec #SysAdmin https://t.co/FFNSmpP8NX
@Cezar_H_Linux
24 May 2025
I had left this alone for a bit, but I've moved to setuptools==78.1.1 to address CVE-2025-47273.
@sanmamama_
21 May 2025
CVE-2025-47273 setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is pre… https://t.co/CDHPUhbCOa
@CVEnew
17 May 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:python:setuptools:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13259606-A39D-4A80-A4CE-8F1B27A5FFE5",
            "versionEndExcluding": "78.1.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]