CVE-2025-71176
Directory Traversal in pytest Allows Local DoS and Privilege Escalation
Publication date: 2026-01-22
Last updated on: 2026-01-22
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pytest | pytest | 9.0.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-379 | The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-71176 is a vulnerability in pytest on UNIX systems related to its handling of temporary directories. Pytest creates temporary directories under predictable paths like /tmp/pytest-of-{user} and performs ownership checks that follow symbolic links (symlinks). This creates a Time-Of-Check to Time-Of-Use (TOCTOU) race condition, allowing local attackers to exploit symlink attacks. An attacker can create a symlink from the expected directory to a location they control, causing pytest to write data or change permissions in unintended places. This can lead to denial of service or potentially privilege escalation depending on the context. [1, 2]
How can this vulnerability impact me?
This vulnerability can allow local users on a UNIX system to cause a denial of service by interfering with pytest's temporary directories. Additionally, depending on the environment and usage, it may allow attackers to gain elevated privileges or execute code by exploiting the predictable temporary directory names and symlink race conditions. This is particularly relevant in multi-user or cloud continuous integration environments where multiple users share the same system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the predictable temporary directories named /tmp/pytest-of-<user> and verifying if they are symbolic links pointing to unexpected locations. On Linux systems, you can use commands like `ls -l /tmp/pytest-of-*` to list these directories and check for symlinks. Additionally, inspecting sysctl settings related to filesystem protections can help detect if protections are disabled: `sysctl fs.protected_fifos fs.protected_regular fs.protected_symlinks fs.protected_hardlinks`. If these are not set to recommended values, the system is more vulnerable. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include manually creating a secure temporary directory using commands like `mktemp -d` and configuring pytest to use this directory instead of the default /tmp/pytest-of-<user> path by setting environment variables such as `PYTEST_DEBUG_TEMPROOT` or overriding Python's `tempfile.gettempdir`. Additionally, on Linux systems, enable the following sysctl settings to harden filesystem protections: `fs.protected_fifos=2`, `fs.protected_regular=2`, `fs.protected_symlinks=1`, and `fs.protected_hardlinks=1`. These measures help prevent exploitation of the TOCTOU vulnerability by restricting symlink and file manipulation attacks. [1]
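The checks from the detection and mitigation answers above, written as an added Python example (not code from pytest or from the advisory): it inspects `pytest-of-*` entries with `lstat`, so a symlink is reported rather than followed, and compares the `fs.protected_*` settings with the values listed above. The function names, reading the settings from `/proc/sys/fs`, the group/other permission check, and the assumption that the directory suffix is the account name are this example's own.

```python
import os
import pwd
import stat

# Minimum sysctl values, taken from the mitigation answer above.
RECOMMENDED = {"protected_fifos": 2, "protected_regular": 2,
               "protected_symlinks": 1, "protected_hardlinks": 1}

def owner_name(uid):
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:  # uid without a passwd entry: fall back to the number
        return str(uid)

def audit_pytest_tmp(tmproot="/tmp"):
    """Return (entry, issue) pairs for suspicious pytest-of-* entries in tmproot."""
    findings = []
    for name in sorted(n for n in os.listdir(tmproot) if n.startswith("pytest-of-")):
        path = os.path.join(tmproot, name)
        st = os.lstat(path)  # lstat inspects the entry itself, not a link target
        if stat.S_ISLNK(st.st_mode):
            findings.append((name, "symlink to " + os.readlink(path)))
        elif not stat.S_ISDIR(st.st_mode):
            findings.append((name, "not a directory"))
        else:
            # Assumption: the suffix is the account name of the user running pytest.
            if owner_name(st.st_uid) != name[len("pytest-of-"):]:
                findings.append((name, "owned by " + owner_name(st.st_uid)))
            if stat.S_IMODE(st.st_mode) & 0o077:
                findings.append((name, "open to group/other"))
    return findings

def weak_sysctls(proc_fs="/proc/sys/fs"):
    """Return {name: value or None} for settings below the recommended minimum."""
    weak = {}
    for name, want in RECOMMENDED.items():
        try:
            with open(os.path.join(proc_fs, name)) as fh:
                current = int(fh.read().strip())
        except (OSError, ValueError):
            current = None  # missing or unreadable: treat as unprotected
        if current is None or current < want:
            weak[name] = current
    return weak

if __name__ == "__main__":
    for finding in audit_pytest_tmp():
        print("%s: %s" % finding)
    print("sysctls below recommended values:", weak_sysctls())
```

An empty result from both functions means no entry under the temporary root looks planted and the four settings meet the listed values.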