CVE-2025-13462
Analyzed Analyzed - Analysis Complete
Tarfile Module Normalization Flaw Causes Archive Misinterpretation

Publication date: 2026-03-12

Last updated on: 2026-06-11

Assigner: Python Software Foundation

Description
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-12
Last Modified
2026-06-11
Generated
2026-06-16
AI Q&A
2026-03-12
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13462
EUVD
EUVD-2025-208613
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
python python 3.15.0
python python 3.15.0
python python to 3.13.13 (exc)
python python From 3.14.0 (inc) to 3.14.4 (exc)
python python 3.15.0
python python 3.15.0
python python 3.15.0
python python 3.15.0
python python 3.15.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-13462 is a low severity vulnerability in Python's tarfile module caused by incorrect normalization of tar archive entries. Specifically, the module incorrectly applies normalization of AREGTYPE (regular file) blocks to DIRTYPE (directory) entries even when processing multi-block members such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This leads to misinterpretation of specially crafted tar archives compared to other tar implementations."}, {'type': 'paragraph', 'content': 'The issue arises because when handling GNU long name encoding, the tarfile module reads the long name data blocks and then parses the actual header again. During this second parsing, garbage data from the long name section can overwrite the entry type, changing it incorrectly to a directory type. This causes the module to mismanage offsets and silently discard exceptions, resulting in incorrect processing or premature termination of archive reading.'}, {'type': 'paragraph', 'content': 'The vulnerability affects how GNU long name and link types are handled during tar extraction, potentially causing inconsistent or incorrect archive processing. The fix involves skipping the DIRTYPE normalization during the handling of these GNU long name and link types to prevent this misclassification.'}] [1, 2, 3]

Impact Analysis

This vulnerability can cause the tarfile module to misinterpret specially crafted tar archives, leading to inconsistent or incorrect extraction of files.

Specifically, the incorrect normalization of file types can cause the module to mismanage offsets and silently discard errors during tar extraction. This may result in premature termination of archive processing or skipping of entries.

Potential security risks include arbitrary file extraction or path traversal attacks if an attacker crafts a malicious tar archive exploiting this flaw.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves the Python tarfile module misinterpreting specially crafted tar archives that use GNU long name encoding combined with AREGTYPE blocks. Detection would involve analyzing tar archives for abnormal behavior during extraction, such as unexpected directory type normalization or silent failures when reading tar entries.

There are no specific commands provided in the available resources to detect this vulnerability directly on a network or system.

Mitigation Strategies

To mitigate this vulnerability, update your Python environment to a version that includes the fix for CVE-2025-13462. The fix was merged on March 11, 2026, and backported to Python versions 3.10 through 3.14.

The fix involves skipping the normalization of directory type (DIRTYPE) entries during the processing of GNU long name and link types in the tarfile module, preventing misinterpretation of tar archives.

Until you update, avoid extracting tar archives from untrusted sources that might exploit this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13462. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart