PT-2026-22310 · Uv · Uv

Published: 2025-10-29 · Updated: 2026-03-06 · CVE-2025-13327

CVSS v4.0: 6.8 (Medium)

Vector: AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: uv (affected versions not specified)

Description: A flaw exists in uv that could allow an attacker to execute malicious code during package resolution or installation. This is possible through specially crafted ZIP archives that exploit parsing differences. User interaction is required to install an attacker-controlled package for exploitation to occur.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-13327
GHSA-PQHF-P39G-3X64
GHSA-V653-R55G-HCMG
OPENSUSE-SU-2026:20330-1

Affected Products

Uv