PT-2025-44651 · Python · os.path.expandvars

Published: 2025-06-28 · Updated: 2026-05-19 · CVE-2025-6075

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: versions prior to 2.3

Description: Performance degradation can occur when os.path.expandvars() expands environment variables in a value that is user-controlled.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2025:23342
ALSA-2025:23530
ALSA-2026:10950
ALSA-2026:19064
ALSA-2026:19177
AZL-69625
AZL-69628
BDU:2026-05129
BIT-LIBPYTHON-2025-6075
BIT-PYTHON-2025-6075
BIT-PYTHON-MIN-2025-6075
CVE-2025-6075
ECHO-A643-F216-2DC6
OPENSUSE-SU-2025:15742-1
OPENSUSE-SU-2025:15748-1
OPENSUSE-SU-2025:15750-1
OPENSUSE-SU-2025:15760-1
OPENSUSE-SU-2025:15768-1
OPENSUSE-SU-2025:15791-1
OPENSUSE-SU-2025:15792-1
OPENSUSE-SU-2026:20081-1
PSF-2025-13
RHSA-2026:10950
RHSA-2026:19064
RHSA-2026:19177
RHSA-2026:7443
RHSA-2026:7661
RHSA-2026:8822
RHSA-2026:8824
SUSE-SU-2025:21199-1
SUSE-SU-2025:21207-1
SUSE-SU-2025:4221-1
SUSE-SU-2025:4257-1
SUSE-SU-2025:4257-2
SUSE-SU-2025:4258-1
SUSE-SU-2025:4277-1
SUSE-SU-2025:4297-1
SUSE-SU-2025:4352-1
SUSE-SU-2025:4368-1
SUSE-SU-2025:4389-1
SUSE-SU-2025:4398-1
SUSE-SU-2025:4487-1
SUSE-SU-2025_4257-1
SUSE-SU-2025_4297-1
SUSE-SU-2025_4368-1
SUSE-SU-2026:0268-1
SUSE-SU-2026:0337-1
SUSE-SU-2026:0663-1
SUSE-SU-2026:1062-1
SUSE-SU-2026:1107-1
SUSE-SU-2026:1117-1
SUSE-SU-2026:1349-1
SUSE-SU-2026:20125-1
SUSE-SU-2026:20154-1
SUSE-SU-2026:20768-1
SUSE-SU-2026:20796-1
USN-7886-1
USN-7886-2

Affected Products

AlmaLinux
CentOS
Debian
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
os.path.expandvars