AZL-61943

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61943.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-61943

Upstream

CVE-2025-47273

Published

2025-05-17T16:15:19Z

Modified

2026-04-01T05:19:57.309536Z

Summary

CVE-2025-47273 affecting package python-setuptools for versions less than 69.0.3-5

Details

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-47273

Affected packages

Azure Linux:3 / python-setuptools

Package

Name: python-setuptools
Purl: pkg:rpm/azure-linux/python-setuptools

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

69.0.3-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61943.json"