cvedb.io
CVE-2025-47273
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2025-05-17T16:15:19.110 · Last modified 2026-06-17T09:27:38.827

Summary

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Versions of setuptools prior to 78.1.1 contain a path traversal vulnerability in `PackageIndex`. An attacker could write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

Affected products

python — setuptools

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.