Bug 2366982 (CVE-2025-47273) - CVE-2025-47273 setuptools: Path Traversal Vulnerability in setuptools PackageIndex
Status: NEW
Alias: CVE-2025-47273
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Product Security DevOps Team
Depends On: 2372616 2372617 2367429 2367430 2372612 2372613 2372614 2372615
Reported: 2025-05-17 16:01 UTC by OSIDB Bzimport
Modified: 2025-10-08 02:41 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:10640 0 None None None 2025-07-08 13:46:18 UTC
Red Hat Product Errata RHBA-2025:12058 0 None None None 2025-07-29 08:46:52 UTC
Red Hat Product Errata RHBA-2025:12320 0 None None None 2025-07-30 21:03:21 UTC
Red Hat Product Errata RHSA-2025:10407 0 None None None 2025-07-07 11:52:53 UTC
Red Hat Product Errata RHSA-2025:11036 0 None None None 2025-07-15 01:26:30 UTC
Red Hat Product Errata RHSA-2025:11043 0 None None None 2025-07-15 01:02:18 UTC
Red Hat Product Errata RHSA-2025:11044 0 None None None 2025-07-15 01:30:38 UTC
Red Hat Product Errata RHSA-2025:11101 0 None None None 2025-07-15 09:35:22 UTC
Red Hat Product Errata RHSA-2025:11102 0 None None None 2025-07-15 09:34:55 UTC
Red Hat Product Errata RHSA-2025:11424 0 None None None 2025-07-21 08:31:44 UTC
Red Hat Product Errata RHSA-2025:11425 0 None None None 2025-07-21 08:18:12 UTC
Red Hat Product Errata RHSA-2025:11426 0 None None None 2025-07-21 08:16:33 UTC
Red Hat Product Errata RHSA-2025:11427 0 None None None 2025-07-21 08:25:57 UTC
Red Hat Product Errata RHSA-2025:11463 0 None None None 2025-07-21 15:35:39 UTC
Red Hat Product Errata RHSA-2025:11464 0 None None None 2025-07-21 15:00:17 UTC
Red Hat Product Errata RHSA-2025:11584 0 None None None 2025-07-23 05:32:26 UTC
Red Hat Product Errata RHSA-2025:11607 0 None None None 2025-07-23 11:35:26 UTC
Red Hat Product Errata RHSA-2025:11868 0 None None None 2025-07-28 10:12:00 UTC
Red Hat Product Errata RHSA-2025:11984 0 None None None 2025-07-28 16:47:42 UTC
Red Hat Product Errata RHSA-2025:12020 0 None None None 2025-07-29 05:16:36 UTC
Red Hat Product Errata RHSA-2025:12834 0 None None None 2025-08-05 03:34:34 UTC
Red Hat Product Errata RHSA-2025:13578 0 None None None 2025-08-11 07:45:09 UTC
Red Hat Product Errata RHSA-2025:13668 0 None None None 2025-08-12 00:44:21 UTC
Red Hat Product Errata RHSA-2025:13669 0 None None None 2025-08-12 00:41:13 UTC
Red Hat Product Errata RHSA-2025:13803 0 None None None 2025-08-13 15:23:06 UTC
Red Hat Product Errata RHSA-2025:13804 0 None None None 2025-08-13 15:30:32 UTC
Red Hat Product Errata RHSA-2025:14686 0 None None None 2025-08-26 21:00:18 UTC
Red Hat Product Errata RHSA-2025:14900 0 None None None 2025-08-28 16:56:58 UTC
Red Hat Product Errata RHSA-2025:15408 0 None None None 2025-09-08 01:21:35 UTC
Red Hat Product Errata RHSA-2025:15410 0 None None None 2025-09-08 01:22:16 UTC
Red Hat Product Errata RHSA-2025:15411 0 None None None 2025-09-08 01:12:50 UTC
Red Hat Product Errata RHSA-2025:9940 0 None None None 2025-06-30 12:40:20 UTC

Description OSIDB Bzimport 2025-05-17 16:01:04 UTC
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

Comment 5 errata-xmlrpc 2025-06-30 12:40:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:9940 https://access.redhat.com/errata/RHSA-2025:9940

Comment 6 errata-xmlrpc 2025-07-07 11:52:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:10407 https://access.redhat.com/errata/RHSA-2025:10407

Comment 8 errata-xmlrpc 2025-07-15 01:02:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:11043 https://access.redhat.com/errata/RHSA-2025:11043

Comment 9 errata-xmlrpc 2025-07-15 01:26:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:11036 https://access.redhat.com/errata/RHSA-2025:11036

Comment 10 errata-xmlrpc 2025-07-15 01:30:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:11044 https://access.redhat.com/errata/RHSA-2025:11044

Comment 11 errata-xmlrpc 2025-07-15 09:34:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:11102 https://access.redhat.com/errata/RHSA-2025:11102

Comment 12 errata-xmlrpc 2025-07-15 09:35:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:11101 https://access.redhat.com/errata/RHSA-2025:11101

Comment 18 errata-xmlrpc 2025-07-21 08:16:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:11426 https://access.redhat.com/errata/RHSA-2025:11426

Comment 19 errata-xmlrpc 2025-07-21 08:18:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:11425 https://access.redhat.com/errata/RHSA-2025:11425

Comment 20 errata-xmlrpc 2025-07-21 08:25:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:11427 https://access.redhat.com/errata/RHSA-2025:11427

Comment 21 errata-xmlrpc 2025-07-21 08:31:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:11424 https://access.redhat.com/errata/RHSA-2025:11424

Comment 22 errata-xmlrpc 2025-07-21 15:00:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:11464 https://access.redhat.com/errata/RHSA-2025:11464

Comment 23 errata-xmlrpc 2025-07-21 15:35:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:11463 https://access.redhat.com/errata/RHSA-2025:11463

Comment 24 errata-xmlrpc 2025-07-23 05:32:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:11584 https://access.redhat.com/errata/RHSA-2025:11584

Comment 26 errata-xmlrpc 2025-07-23 11:35:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:11607 https://access.redhat.com/errata/RHSA-2025:11607

Comment 27 errata-xmlrpc 2025-07-28 10:11:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:11868 https://access.redhat.com/errata/RHSA-2025:11868

Comment 28 errata-xmlrpc 2025-07-28 16:47:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:11984 https://access.redhat.com/errata/RHSA-2025:11984

Comment 29 errata-xmlrpc 2025-07-29 05:16:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:12020 https://access.redhat.com/errata/RHSA-2025:12020

Comment 32 errata-xmlrpc 2025-08-05 03:34:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:12834 https://access.redhat.com/errata/RHSA-2025:12834

Comment 34 errata-xmlrpc 2025-08-11 07:45:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:13578 https://access.redhat.com/errata/RHSA-2025:13578

Comment 37 errata-xmlrpc 2025-08-12 00:41:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:13669 https://access.redhat.com/errata/RHSA-2025:13669

Comment 38 errata-xmlrpc 2025-08-12 00:44:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:13668 https://access.redhat.com/errata/RHSA-2025:13668

Comment 43 errata-xmlrpc 2025-08-13 15:22:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:13803 https://access.redhat.com/errata/RHSA-2025:13803

Comment 44 errata-xmlrpc 2025-08-13 15:30:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:13804 https://access.redhat.com/errata/RHSA-2025:13804

Comment 51 errata-xmlrpc 2025-08-26 21:00:05 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 8
  Red Hat Ansible Automation Platform 2.5 for RHEL 9

Via RHSA-2025:14686 https://access.redhat.com/errata/RHSA-2025:14686

Comment 57 errata-xmlrpc 2025-08-28 16:56:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:14900 https://access.redhat.com/errata/RHSA-2025:14900

Comment 58 errata-xmlrpc 2025-09-08 01:12:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:15411 https://access.redhat.com/errata/RHSA-2025:15411

Comment 59 errata-xmlrpc 2025-09-08 01:21:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Via RHSA-2025:15408 https://access.redhat.com/errata/RHSA-2025:15408

Comment 60 errata-xmlrpc 2025-09-08 01:22:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:15410 https://access.redhat.com/errata/RHSA-2025:15410
