CVE Alert: CVE-2025-8194
Vulnerability Summary: CVE-2025-8194
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: import tarfile def _block_patched(self, count): if count < 0: # pragma: no cover raise tarfile.InvalidHeaderError("invalid offset") return _block_patched._orig_block(self, count) _block_patched._orig_block = tarfile.TarInfo._block tarfile.TarInfo._block = _block_patched
Affected Endpoints:
No affected endpoints listed.
Published Date:
7/28/2025, 7:15:43 PM
🔥 CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38
- https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe
- https://github.com/python/cpython/issues/130577
- https://github.com/python/cpython/pull/137027
- https://mail.python.org/archives/list/[email protected]/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
