CVE-2025-71176 | THREATINT

Description

pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.

PUBLISHED Reserved 2026-01-22 | Published 2026-01-22 | Updated 2026-01-22 | Assigner mitre

MEDIUM: 6.8CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Problem types

CWE-379 Creation of Temporary File in Directory with Insecure Permissions

Product status

Default status

unknown

Any version

affected

References

github.com/pytest-dev/pytest/issues/13669

www.openwall.com/lists/oss-security/2026/01/21/5

cve.org (CVE-2025-71176)

nvd.nist.gov (CVE-2025-71176)

Download JSON