FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-setuptools -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected packages
py27-setuptools44 < 78.1.1
py310-setuptools < 78.1.1
py310-setuptools58 < 78.1.1
py311-setuptools < 78.1.1
py311-setuptools58 < 78.1.1
py312-setuptools < 78.1.1
py312-setuptools58 < 78.1.1
py313-setuptools < 78.1.1
py313-setuptools58 < 78.1.1
py313t-setuptools < 78.1.1
py313t-setuptools58 < 78.1.1
py314-setuptools < 78.1.1
py314-setuptools58 < 78.1.1

Details

VuXML ID 690144e9-4f88-11f1-982e-00a098b42aeb
Discovery 2025-05-17
Entry 2026-05-14

https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf reports:

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context.

[source]

References

CVE Name CVE-2025-47273
URL https://cveawg.mitre.org/api/cve/CVE-2025-47273

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.