{"id":"BIT-python-min-2025-4435","summary":"Tarfile extracts filtered members when errorlevel=0","details":"When TarFile.errorlevel = 0 is set and an archive is extracted with a filter, the documented behavior is that any member the filter rejects is skipped and not extracted. However, in affected versions the actual behavior with TarFile.errorlevel = 0 is that the rejected member is still extracted instead of being skipped.","aliases":["BIT-libpython-2025-4435","BIT-python-2025-4435","CVE-2025-4435","PSF-2025-8"],"modified":"2025-08-11T14:44:54.453782Z","published":"2025-07-10T09:02:35.792Z","database_specific":{"severity":"High","cpes":["cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"]},"references":[{"type":"WEB","url":"https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"},{"type":"WEB","url":"https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"},{"type":"WEB","url":"https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"},{"type":"WEB","url":"https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"},{"type":"WEB","url":"https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"},{"type":"WEB","url":"https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"},{"type":"WEB","url":"https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"},{"type":"WEB","url":"https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"},{"type":"WEB","url":"https://github.com/python/cpython/issues/135034"},{"type":"WEB","url":"https://github.com/python/cpython/pull/135037"},{"type":"WEB","url":"https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-4435"}],"affected":[{"package":{"name":"python-min","ecosystem":"Bitnami","purl":"pkg:bitnami/python-min"},"ranges":[{"type":"SEMVER","events":[{"introd
uced":"0"},{"fixed":"3.9.23"},{"introduced":"3.10.0"},{"fixed":"3.10.18"},{"introduced":"3.11.0"},{"fixed":"3.11.13"},{"introduced":"3.12.0"},{"fixed":"3.12.11"},{"introduced":"3.13.0"},{"fixed":"3.13.4"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/python-min/BIT-python-min-2025-4435.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}],"schema_version":"1.7.3"}