Main Vulnerability Database Exploits ID:12527 - Exploit for Link following in Python - CVE-2025-4138

ID:12527 - Exploit for Link following in Python - CVE-2025-4138

Published: April 1, 2026

Vulnerability identifier: #VU111968

Vulnerability risk: High

CVE-ID: CVE-2025-4138

CWE-ID: CWE-59

Exploitation vector: Remote access

Vulnerable software:
Python

Link to public exploit:

https://github.com/thefizzyfish/CVE-2025-4138_tarfile_filter_bypass

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an insecure link following issue when extracting data from an archive in the tarfile module. A remote attacker can pass a specially crafted archive to the application and overwrite arbitrary files outside the destination directory during extraction with filter="data"..

Remediation

Install updates from vendor's website.

ID:12527 - Exploit for Link following in Python - CVE-2025-4138

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human