Bug 2408891 (CVE-2025-6075) - CVE-2025-6075 python: Quadratic complexity in os.path.expandvars() with user-controlled template
Summary: CVE-2025-6075 python: Quadratic complexity in os.path.expandvars() with user-...
Keywords:
Status: NEW
Alias: CVE-2025-6075
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2413049 2413050 2413051 2413052 2413053 2413054 2413055 2413056 2413057 2413058 2413059 2413060 2413061
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-10-31 17:02 UTC by OSIDB Bzimport
Modified: 2025-11-06 09:34 UTC (History)
17 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-10-31 17:02:11 UTC 
If the value passed to os.path.expandvars() is user-controlled a 
performance degradation is possible when expanding environment 
variables.
Note You need to log in before you can comment on or make changes to this bug.