AZL-62438

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62438.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-62438

Upstream

CVE-2025-47273

Published

2025-05-17T16:15:19Z

Modified

2026-04-01T05:20:05.052742Z

Summary

CVE-2025-47273 affecting package setuptool 1.19.11-23

Details

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-47273

Affected packages

Azure Linux:3 / setuptool

Package

Name: setuptool
Purl: pkg:rpm/azure-linux/setuptool

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.19.11-23

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62438.json"