Bug 2440724 (CVE-2025-14009)
| Summary: | CVE-2025-14009 nltk: Zip Slip Vulnerability in nltk Leading to Code Execution | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | anpicker, bparees, ebourniv, hasun, jfula, jkoehler, jmitchel, jowilson, jwong, kshier, lgallett, lphiri, nyancey, omaciel, ometelka, pbohmill, ptisnovs, sbunciak, syedriko, teagle, ttakamiy, xdharmai |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A code execution vector has been discovered in the python NTLK library. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, can execute arbitrary code. The vulnerability arises because NLTK assumes all downloaded packages are trusted and extracts them without validation. If a malicious package contains Python files, such as __init__.py, these files are executed automatically upon import, leading to code execution.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2440819, 2440820, 2440821 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-02-18 19:03:51 UTC
|