CVE-2025-12084 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 15%

Affected Products (NVD)

Vendor	Product	Version
python	python	𝑥 < 3.13.11
python	python	3.14.0 ≤ 𝑥 < 3.14.2
python	python	3.15.0:alpha1
python	python	3.15.0:alpha2

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

jython

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
plucky	ignored
questing	needs-triage
xenial	needs-triage

pypy3

focal	needs-triage
jammy	needs-triage
noble	needs-triage
plucky	ignored
questing	needs-triage

python2.7

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	dne
plucky	dne
questing	dne
trusty	needs-triage
xenial	needs-triage

python3.4

jammy	dne
noble	dne
plucky	dne
questing	dne
trusty	Fixed 3.4.3-1ubuntu1~14.04.7+esm19 released

python3.5

jammy	dne
noble	dne
plucky	dne
questing	dne
trusty	Fixed 3.5.2-2ubuntu0~16.04.4~14.04.1+esm9 released
xenial	Fixed 3.5.2-2ubuntu0~16.04.13+esm21 released

python3.6

bionic	Fixed 3.6.9-1~18.04ubuntu1.13+esm8 released
jammy	dne
noble	dne
plucky	dne
questing	dne

python3.7

bionic	Fixed 3.7.5-2ubuntu1~18.04.2+esm9 released
jammy	dne
noble	dne
plucky	dne
questing	dne

python3.8

bionic	Fixed 3.8.0-3ubuntu1~18.04.2+esm9 released
focal	Fixed 3.8.10-0ubuntu1~20.04.18+esm5 released
jammy	dne
noble	dne
plucky	dne
questing	dne

python3.9

focal	Fixed 3.9.5-3ubuntu0~20.04.1+esm9 released
jammy	dne
noble	dne
plucky	dne
questing	dne

python3.10

jammy	Fixed 3.10.12-1~22.04.14 released
noble	dne
plucky	dne
questing	dne

python3.11

jammy	Fixed 3.11.0~rc1-1~22.04.1~esm8 released
noble	dne
plucky	dne
questing	dne

python3.12

jammy	dne
noble	Fixed 3.12.3-1ubuntu0.11 released
plucky	dne
questing	dne

python3.13

jammy	dne
noble	dne
plucky	ignored
questing	Fixed 3.13.7-1ubuntu0.3 released

python3.14

jammy	dne
noble	dne
plucky	dne
questing	Fixed 3.14.0-1ubuntu0.2 released

Common Weakness Enumeration

CWE-407 - Inefficient Algorithmic Complexity
An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

References

https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0

https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4

https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437

https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af

https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273

https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907

https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d

https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8

https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8

https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0

https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964

https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53

https://github.com/python/cpython/issues/142145

https://github.com/python/cpython/pull/142146