[CVE-2025-6075] Quadratic complexity in os.path.expandvars() with user-controlled template
Oct. 31, 2025
5:31 p.m.
There is a LOW severity vulnerability affecting CPython.
If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.
Please see the linked CVE ID for the latest information on affected versions:
8
Age (days ago)
8
Last active (days ago)
0 comments
1 participants
participants (1)
-
Seth Larson