CVE-2025-13837 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
PSF	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Vendor	Product	Version
python	python	𝑥 < 3.13.10
python	python	3.14.0 ≤ 𝑥 < 3.14.1
python	python	3.15.0:alpha1
python	python	3.15.0:alpha2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pypy3

bullseye	postponed
trixie	no-dsa
bookworm	no-dsa
bullseye (security)	vulnerable
forky	vulnerable
sid	vulnerable

python3.11

bookworm	no-dsa
trixie	no-dsa
bullseye	postponed
bookworm (security)	vulnerable

python3.13

trixie	no-dsa
bookworm	no-dsa
bullseye	postponed
forky	3.13.11-1 fixed
sid	3.13.11-1 fixed

python3.14

forky	3.14.2-1 fixed
sid	3.14.2-1 fixed
trixie	no-dsa
bookworm	no-dsa
bullseye	postponed

python3.9

bullseye	postponed
trixie	no-dsa
bookworm	no-dsa
bullseye (security)	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

python2.7

questing	dne
plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

python3.4

questing	dne
plucky	dne
noble	dne
jammy	dne
trusty	needs-triage

python3.5

questing	dne
plucky	dne
noble	dne
jammy	dne
xenial	needs-triage
trusty	needs-triage

python3.6

questing	dne
plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

python3.7

questing	dne
plucky	dne
noble	dne
jammy	dne
bionic	needs-triage

python3.8

questing	dne
plucky	dne
noble	dne
jammy	dne
focal	needs-triage
bionic	needs-triage

python3.9

questing	dne
plucky	dne
noble	dne
jammy	dne
focal	needs-triage

python3.10

questing	dne
plucky	dne
noble	dne
jammy	needs-triage

python3.11

questing	dne
plucky	dne
noble	dne
jammy	needs-triage

python3.12

questing	dne
plucky	dne
noble	needs-triage
jammy	dne

python3.13

questing	needs-triage
plucky	ignored
noble	dne
jammy	dne

python3.14

questing	needs-triage
plucky	dne
noble	dne
jammy	dne

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Vulnerability Media Exposure

[GERMAN] Python: Mehrere Schwachstellen ermöglichen Denial of Service
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Python ausnutzen, um einen Denial of Service Angriff durchzuführen.
Published: 2025-12-01T23:00:00+00:00

References

https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b

https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70

https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba

https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb

https://github.com/python/cpython/issues/119342

https://github.com/python/cpython/pull/119343

https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/