CVE-2025-13837 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Affected Products (NVD)

Vendor	Product	Version
python	python	𝑥 < 3.13.10
python	python	3.14.0 ≤ 𝑥 < 3.14.1
python	python	3.15.0:alpha1
python	python	3.15.0:alpha2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pypy3

bookworm	no-dsa
bullseye	postponed
bullseye (security)	vulnerable
forky	vulnerable
sid	vulnerable
trixie	no-dsa

python3.11

bookworm	no-dsa
bookworm (security)	vulnerable
bullseye	postponed
trixie	no-dsa

python3.13

bookworm	no-dsa
bullseye	postponed
forky	3.13.12-1 fixed
sid	3.13.12-1 fixed
trixie	no-dsa

python3.14

bookworm	no-dsa
bullseye	postponed
forky	3.14.3-1 fixed
sid	3.14.3-1 fixed
trixie	no-dsa

python3.9

bookworm	no-dsa
bullseye	postponed
bullseye (security)	3.9.2-1+deb11u5 fixed
trixie	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

python2.7

bionic	ignored
focal	ignored
jammy	ignored
noble	dne
plucky	dne
questing	dne
trusty	ignored
xenial	ignored

python3.4

jammy	dne
noble	dne
plucky	dne
questing	dne
trusty	ignored

python3.5

jammy	dne
noble	dne
plucky	dne
questing	dne
trusty	Fixed 3.5.2-2ubuntu0~16.04.4~14.04.1+esm9 released
xenial	Fixed 3.5.2-2ubuntu0~16.04.13+esm21 released

python3.6

bionic	Fixed 3.6.9-1~18.04ubuntu1.13+esm8 released
jammy	dne
noble	dne
plucky	dne
questing	dne

python3.7

bionic	Fixed 3.7.5-2ubuntu1~18.04.2+esm9 released
jammy	dne
noble	dne
plucky	dne
questing	dne

python3.8

bionic	Fixed 3.8.0-3ubuntu1~18.04.2+esm9 released
focal	Fixed 3.8.10-0ubuntu1~20.04.18+esm5 released
jammy	dne
noble	dne
plucky	dne
questing	dne

python3.9

focal	Fixed 3.9.5-3ubuntu0~20.04.1+esm9 released
jammy	dne
noble	dne
plucky	dne
questing	dne

python3.10

jammy	Fixed 3.10.12-1~22.04.14 released
noble	dne
plucky	dne
questing	dne

python3.11

jammy	Fixed 3.11.0~rc1-1~22.04.1~esm8 released
noble	dne
plucky	dne
questing	dne

python3.12

jammy	dne
noble	Fixed 3.12.3-1ubuntu0.11 released
plucky	dne
questing	dne

python3.13

jammy	dne
noble	dne
plucky	ignored
questing	Fixed 3.13.7-1ubuntu0.3 released

python3.14

jammy	dne
noble	dne
plucky	dne
questing	Fixed 3.14.0-1ubuntu0.2 released

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036

https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b

https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70

https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba

https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb

https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111

https://github.com/python/cpython/issues/119342

https://github.com/python/cpython/pull/119343

https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/