2431969 – (CVE-2025-71176) CVE-2025-71176 pytest: pytest: Denial of Service or Privilege Escalation via insecure temporary directory handling

Bug 2431969 (CVE-2025-71176) - CVE-2025-71176 pytest: pytest: Denial of Service or Privilege Escalation via insecure temporary directory handling

Summary: CVE-2025-71176 pytest: pytest: Denial of Service or Privilege Escalation via ...

Keywords:
Status:	NEW
Alias:	CVE-2025-71176
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2432023 2432024
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-22 06:01 UTC by OSIDB Bzimport
Modified:	2026-01-22 13:36 UTC (History)
CC List:	75 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-01-22 06:01:25 UTC

pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.

Note You need to log in before you can comment on or make changes to this bug.

adudiak
alinfoot
anthomas
aprice
bbrownin
carogers
caswilli
crizzo
dfreiber
drow
dtrifiro
eglynn
ehelms
erezende
ggainey
gtanzill
haoli
hkataria
jajackso
jburrell
jbuscemi
jcammara
jdobes
jjoyce
jkoehler
jmitchel
jneedle
jsamir
jschluet
juwatts
jwong
kaycoth
kegrant
kgaikwad
koliveir
kshier
lhh
ljawale
lphiri
luizcosta
mabashia
mbocek
mburns
mgarciac
mhayden
mhulan
mrunge
nmoumoul
nweather
oezr
omaciel
orabin
osousa
pbohmill
pbraun
pcreech
rbobbitt
rbryant
rchan
sdawley
sdoran
shvarugh
simaishi
smallamp
smcdonal
stcannon
teagle
tfister
thavo
tmalecek
ttakamiy
vimartin
vkumar
weaton
yguenane