SUSE update for python313
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2025-6075 CVE-2025-8291 |
| CWE-ID | CWE-400 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Python 3 Module Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system python313-curses Operating systems & Components / Operating system package or component python313-curses-debuginfo Operating systems & Components / Operating system package or component python313-base Operating systems & Components / Operating system package or component python313-debuginfo Operating systems & Components / Operating system package or component libpython3_13-1_0-debuginfo Operating systems & Components / Operating system package or component python313-tools Operating systems & Components / Operating system package or component python313-tk-debuginfo Operating systems & Components / Operating system package or component libpython3_13-1_0 Operating systems & Components / Operating system package or component python313-devel Operating systems & Components / Operating system package or component python313-debugsource Operating systems & Components / Operating system package or component python313-idle Operating systems & Components / Operating system package or component python313-dbm Operating systems & Components / Operating system package or component python313-core-debugsource Operating systems & Components / Operating system package or component python313 Operating systems & Components / Operating system package or component python313-base-debuginfo Operating systems & Components / Operating system package or component python313-dbm-debuginfo Operating systems & Components / Operating system package or component python313-tk Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Resource exhaustion
EUVDB-ID: #VU118735
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-6075
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the os.path.expandvars() function. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package python313 to the latest version.
Vulnerable software versionsPython 3 Module: 15-SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP7
SUSE Linux Enterprise Server 15: SP7
SUSE Linux Enterprise Desktop 15: SP7
python313-curses: before 3.13.9-150700.4.26.1
python313-curses-debuginfo: before 3.13.9-150700.4.26.1
python313-base: before 3.13.9-150700.4.26.1
python313-debuginfo: before 3.13.9-150700.4.26.1
libpython3_13-1_0-debuginfo: before 3.13.9-150700.4.26.1
python313-tools: before 3.13.9-150700.4.26.1
python313-tk-debuginfo: before 3.13.9-150700.4.26.1
libpython3_13-1_0: before 3.13.9-150700.4.26.1
python313-devel: before 3.13.9-150700.4.26.1
python313-debugsource: before 3.13.9-150700.4.26.1
python313-idle: before 3.13.9-150700.4.26.1
python313-dbm: before 3.13.9-150700.4.26.1
python313-core-debugsource: before 3.13.9-150700.4.26.1
python313: before 3.13.9-150700.4.26.1
python313-base-debuginfo: before 3.13.9-150700.4.26.1
python313-dbm-debuginfo: before 3.13.9-150700.4.26.1
python313-tk: before 3.13.9-150700.4.26.1
CPE2.3- cpe:2.3:o:suse:python_3_module:15-SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP7:*:*:*:*:*:*:*
- cpe:2.3:a:suse:python313-curses:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-curses-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libpython3_13-1_0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-tk-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libpython3_13-1_0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-idle:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-dbm:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-core-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-base-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-dbm-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-tk:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-20254277-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU116971
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-8291
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to extract files into arbitrary locations on the system.
The vulnerability exists due to the zipfile module does not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value when extracting files. A remote attacker can use a specially crafted zip file to extract data into arbitrary locations on the system.
MitigationUpdate the affected package python313 to the latest version.
Vulnerable software versionsPython 3 Module: 15-SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP7
SUSE Linux Enterprise Server 15: SP7
SUSE Linux Enterprise Desktop 15: SP7
python313-curses: before 3.13.9-150700.4.26.1
python313-curses-debuginfo: before 3.13.9-150700.4.26.1
python313-base: before 3.13.9-150700.4.26.1
python313-debuginfo: before 3.13.9-150700.4.26.1
libpython3_13-1_0-debuginfo: before 3.13.9-150700.4.26.1
python313-tools: before 3.13.9-150700.4.26.1
python313-tk-debuginfo: before 3.13.9-150700.4.26.1
libpython3_13-1_0: before 3.13.9-150700.4.26.1
python313-devel: before 3.13.9-150700.4.26.1
python313-debugsource: before 3.13.9-150700.4.26.1
python313-idle: before 3.13.9-150700.4.26.1
python313-dbm: before 3.13.9-150700.4.26.1
python313-core-debugsource: before 3.13.9-150700.4.26.1
python313: before 3.13.9-150700.4.26.1
python313-base-debuginfo: before 3.13.9-150700.4.26.1
python313-dbm-debuginfo: before 3.13.9-150700.4.26.1
python313-tk: before 3.13.9-150700.4.26.1
CPE2.3- cpe:2.3:o:suse:python_3_module:15-SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP7:*:*:*:*:*:*:*
- cpe:2.3:a:suse:python313-curses:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-curses-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libpython3_13-1_0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-tk-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libpython3_13-1_0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-idle:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-dbm:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-core-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-base-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-dbm-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python313-tk:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-20254277-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
