PT-2025-48363 · Werkzeug

Published 2025-11-29 · Updated 2025-11-29 · CVE-2025-66221

CVSS v4.0: 6.3
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Werkzeug versions prior to 3.1.4

Description: The safe_join function in Werkzeug versions prior to 3.1.4 improperly handles path segments containing Windows device names. On Windows systems, special device names such as CON and AUX are present in every directory. The send_from_directory function uses safe_join to serve files from user-specified paths. When a request path includes a Windows device name, opening the file succeeds, but reading it causes the application to hang indefinitely, because the operating system accesses a device rather than a regular file.

Recommendations: Update to Werkzeug version 3.1.4 or later.
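The following is an added example written for this page; it is not Werkzeug's own code or its actual 3.1.4 fix. It shows the two things a defender wants here: a safe_join-style helper that refuses any path segment resolving to a Windows device name (the mitigation the advisory implies), and a small log-review function that flags requests carrying such segments (the detection side). The device-name list comes from the documented Win32 naming rules; the None-on-unsafe contract and the traversal checks only follow the general shape of Werkzeug's safe_join and are an assumption, not a copy. The log lines are constructed samples.

```python
import posixpath
import re
from urllib.parse import unquote

# Reserved Win32 device names (from the documented Windows file-naming rules,
# not from Werkzeug). Windows matches them case-insensitively, ignores any
# extension ("CON.txt" still opens the console device), and strips trailing
# spaces and dots before matching.
_WINDOWS_DEVICE_NAMES = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)


def is_windows_device_name(segment: str) -> bool:
    """Return True if a single path segment would resolve to a Windows device."""
    base = segment.rstrip(" .").split(".", 1)[0]
    return base.upper() in _WINDOWS_DEVICE_NAMES


def safe_join_guarded(directory: str, *pathnames: str):
    """Join untrusted path segments onto ``directory``; return None if unsafe.

    The None-on-unsafe contract and the traversal guards mirror the general
    shape of Werkzeug's safe_join (assumption about its public behaviour).
    The device-name check is the added mitigation this example demonstrates.
    """
    parts = [directory]
    for filename in pathnames:
        if filename != "":
            filename = posixpath.normpath(filename)
        # Classic traversal guards: no backslashes, no absolute paths, no escaping upward.
        if (
            "\\" in filename
            or filename.startswith("/")
            or filename == ".."
            or filename.startswith("../")
        ):
            return None
        # Mitigation for the advisory's issue: refuse any segment that names a device,
        # so the file is never opened and the read that would hang never happens.
        if any(is_windows_device_name(seg) for seg in filename.split("/")):
            return None
        parts.append(filename)
    return posixpath.join(*parts)


# Constructed combined-format access-log lines for the detection part; not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [29/Nov/2025:10:00:01 +0000] "GET /static/css/app.css HTTP/1.1" 200 1234',
    '10.0.0.7 - - [29/Nov/2025:10:00:02 +0000] "GET /static/CON HTTP/1.1" 200 0',
    '10.0.0.7 - - [29/Nov/2025:10:00:03 +0000] "GET /static/img/aux.png?v=2 HTTP/1.1" 200 0',
    '10.0.0.9 - - [29/Nov/2025:10:00:04 +0000] "GET /static/console.js HTTP/1.1" 200 987',
]

_REQUEST_PATH_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/')


def flag_device_name_requests(log_lines):
    """Return request paths (query string stripped, percent-decoded) whose
    segments name a Windows device; useful when reviewing logs for hung workers."""
    hits = []
    for line in log_lines:
        match = _REQUEST_PATH_RE.search(line)
        if not match:
            continue
        path = unquote(match.group(1).split("?", 1)[0])
        if any(is_windows_device_name(seg) for seg in path.split("/")):
            hits.append(path)
    return hits


if __name__ == "__main__":
    print(safe_join_guarded("/srv/static", "css/app.css"))  # /srv/static/css/app.css
    print(safe_join_guarded("/srv/static", "img/CON"))      # None
    print(flag_device_name_requests(SAMPLE_LOG))            # ['/static/CON', '/static/img/aux.png']
```

Note that the check is applied on every platform, not only on Windows: rejecting these names unconditionally costs nothing on POSIX hosts and avoids a configuration-dependent gap. A request that does reach an unpatched deployment shows up in the logs as a successful-looking response with zero bytes and a worker that never returns, which is why the detection function keys on the path rather than on the status code.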

Fix

Weakness Enumeration

Related Identifiers

CVE-2025-66221
GHSA-HGF8-39GV-G3F2

Affected Products

Werkzeug