PT-2025-21795 · Pypi+12 · Setuptools+12

Sch227 · Published 2025-05-17 · Updated 2026-06-03 · CVE-2025-47273

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

setuptools versions prior to 78.1.1

Description

A path traversal vulnerability was found in the PackageIndex component of setuptools. An attacker could write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context.

Recommendations

Update setuptools to version 78.1.1 or later to fix the vulnerability. For Debian 11 bullseye, update to version 52.0.0-4+deb11u2 or later. For other distributions, follow the recommended update instructions.

Exploit

Fix

RCE

DoS

Path traversal


Weakness Enumeration

Related Identifiers

ALSA-2025:10407
ALSA-2025:11036
ALSA-2025:11043
ALSA-2025:11044
ALSA-2025:11463
ALSA-2025:12834
ALSA-2025:13578
ALSA-2025:14900
ALSA-2025:9940
ALT-PU-2025-8222
ALT-PU-2025-8238
AZL-61943
AZL-62438
BDU:2025-08604
BIT-SETUPTOOLS-2025-47273
CESA-2025_11036
CESA-2025_11043
CESA-2025_11044
CESA-2025_14900
CLEANSTART-2026-EQ71754
CLEANSTART-2026-NR68832
CVE-2025-47273
DLA-4183-1
ECHO-2D75-A206-3684
GHSA-5RJG-FVGR-3XXF
INFSA-2025_10407
INFSA-2025_11036
INFSA-2025_11043
INFSA-2025_11044
INFSA-2025_11463
INFSA-2025_12834
INFSA-2025_13578
INFSA-2025_14900
MGASA-2025-0288
OPENSUSE-SU-2025_01704-1
OPENSUSE-SU-2025_01709-1
OPENSUSE-SU-2025_01723-1
OPENSUSE-SU-2025_01774-1
OPENSUSE-SU-2026:10539-1
PYSEC-2025-49
RHSA-2025:10407
RHSA-2025:11036
RHSA-2025:11043
RHSA-2025:11044
RHSA-2025:11101
RHSA-2025:11102
RHSA-2025:11424
RHSA-2025:11425
RHSA-2025:11426
RHSA-2025:11427
RHSA-2025:11463
RHSA-2025:11464
RHSA-2025:11584
RHSA-2025:11607
RHSA-2025:11868
RHSA-2025:11984
RHSA-2025:12020
RHSA-2025:12834
RHSA-2025:13578
RHSA-2025:13668
RHSA-2025:13669
RHSA-2025:13803
RHSA-2025:13804
RHSA-2025:14686
RHSA-2025:14900
RHSA-2025:15408
RHSA-2025:15410
RHSA-2025:15411
RHSA-2025:9940
RHSA-2025_10407
RHSA-2025_11036
RHSA-2025_11043
RHSA-2025_11044
RHSA-2025_11463
RHSA-2025_12834
RHSA-2025_13578
RHSA-2025_14900
SUSE-SU-2025:01693-1
SUSE-SU-2025:01695-1
SUSE-SU-2025:01704-1
SUSE-SU-2025:01704-2
SUSE-SU-2025:01709-1
SUSE-SU-2025:01715-1
SUSE-SU-2025:01723-1
SUSE-SU-2025:01744-1
SUSE-SU-2025:01774-1
SUSE-SU-2025:01810-1
SUSE-SU-2025:20412-1
SUSE-SU-2025:20462-1
SUSE-SU-2025_01693-1
SUSE-SU-2025_01695-1
SUSE-SU-2025_01704-1
SUSE-SU-2025_01709-1
SUSE-SU-2025_01715-1
SUSE-SU-2025_01723-1
SUSE-SU-2025_01810-1
USN-7544-1
USN-8010-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Ibm Aix
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Setuptools