CVE-2025-6075

Quadratic complexity in os.path.expandvars() with user-controlled template

Description

If the value passed to os.path.expandvars() is user-controlled, a performance degradation is possible when expanding environment variables.

Patch Available

Fix available through Seal Security. 

No upgrade required; protect your application instantly.

Score: 5.5
Severity: Medium
Ecosystem: APT
Publish Date: October 31, 2025
Modified Date: December 2, 2025
Score Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Versions