Medium severity 6.8 · OSV Advisory · Published Jan 22, 2026 · Updated Apr 15, 2026
CVE-2025-71176
Description
pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pytest (PyPI) | < 9.0.3 | 9.0.3 |
Affected products (12)
- Range: 1.0.0b3, 1.1.0, 1.1.1, …
- osv-coords (11 versions):
  - pkg:apk/chainguard/apache-beam-python-3.11-sdk (no CPE), range: < 2.72.0-r3
  - pkg:apk/chainguard/apache-beam-python-3.12-sdk (no CPE), range: < 2.72.0-r3
  - pkg:apk/chainguard/apache-beam-python-3.13-sdk (no CPE), range: < 2.73.0-r2
  - pkg:apk/chainguard/localstack (no CPE), range: < 4.14.0-r8
  - pkg:apk/chainguard/open-webui (no CPE), range: < 0.9.2-r0
  - pkg:apk/chainguard/py3-cassandra-medusa (no CPE), range: < 0.28.0-r0
  - pkg:apk/chainguard/request-1276 (no CPE), range: < 0.28.0-r0
  - pkg:apk/wolfi/open-webui (no CPE), range: < 0.9.2-r0
  - pkg:apk/wolfi/py3-cassandra-medusa (no CPE), range: < 0.28.0-r0
  - pkg:pypi/pytest (no CPE), range: < 9.0.3
  - pkg:rpm/opensuse/python-pytest&distro=openSUSE%20Tumbleweed (no CPE), range: < 9.0.3-1.1
References (7)
- github.com/advisories/GHSA-6w46-j5rx-g56g (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-71176 (ghsa, ADVISORY)
- github.com/pytest-dev/pytest/commit/95d8423bd24992deea5b9df32555fa1741679e2c (ghsa, WEB)
- github.com/pytest-dev/pytest/issues/13669 (nvd, WEB)
- github.com/pytest-dev/pytest/pull/14343 (ghsa, WEB)
- github.com/pytest-dev/pytest/releases/tag/9.0.3 (ghsa, WEB)
- www.openwall.com/lists/oss-security/2026/01/21/5 (nvd, WEB)