CVE-2026-25645

{"id": "CVE-2026-25645", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2026-03-25T17:16:52.970", "references": [{"url": "https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/psf/requests/releases/tag/v2.33.0", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-377"}]}], "descriptions": [{"lang": "en", "value": "Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call `extract_zipped_paths()` directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set `TMPDIR` in their environment to a directory with restricted write access."}, {"lang": "es", "value": "Requests es una biblioteca HTTP. Antes de la versi\u00f3n 2.33.0, la funci\u00f3n de utilidad 'requests.utils.extract_zipped_paths()' utiliza un nombre de archivo predecible al extraer archivos de archivos zip en el directorio temporal del sistema. Si el archivo de destino ya existe, se reutiliza sin validaci\u00f3n. Un atacante local con acceso de escritura al directorio temporal podr\u00eda pre-crear un archivo malicioso que se cargar\u00eda en lugar del leg\u00edtimo. El uso est\u00e1ndar de la biblioteca Requests no se ve afectado por esta vulnerabilidad. Solo las aplicaciones que llaman a 'extract_zipped_paths()' directamente se ven afectadas. A partir de la versi\u00f3n 2.33.0, la biblioteca extrae archivos a una ubicaci\u00f3n no determinista. Si los desarrolladores no pueden actualizar, pueden establecer 'TMPDIR' en su entorno a un directorio con acceso de escritura restringido."}], "lastModified": "2026-03-30T14:23:16.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:requests:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B164516D-2E98-41D4-9CB7-40FD49A1B6D9", "versionEndExcluding": "2.33.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}