
SUSE: Python3 Low Security Update CVE-2025-6075 CVE-2025-8291

December 15, 2025
Update addressing two low severity issues in python3 on SUSE. Essential for system protection and integrity.
An update that solves two vulnerabilities can now be installed.

Summary

This update for python3 fixes the following issues:

Security issues fixed:

* CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities on `os.path.expandvars()` (bsc#1252974).

* CVE-2025-8291: Fixed missing validity checks of the ZIP64 End of Central Directory (EOCD) (bsc#1251305).

Other issues fixed:

* Added @requires_lchmod operator for skipping tests on platforms where changing the mode of symbolic links is supported.

* Fixed decoding byte strings in `localeconv()` for consistent output.

Patch Instructions

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security

References

* bsc#1251305

* bsc#1252974

Cross-references

* CVE-2025-6075

* CVE-2025-8291

CVSS scores:

* CVE-2025-6075 (SUSE): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-6075 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-6075 (NVD): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-8291 (SUSE): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2025-8291 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity
low

Announcement ID: SUSE-SU-2025:4398-1
Release Date: 2025-12-15T11:30:55Z
Rating: low
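
An added example, not part of the SUSE advisory or the upstream patch: a standalone consistency check for the ZIP64 EOCD structures named in CVE-2025-8291, written against the ZIP format's trailer layout. It assumes a single-disk archive with no data prepended before the first record; the function names, result strings and the constructed `sample()` input are illustrative.

```python
import struct

EOCD_SIG, LOC_SIG, REC_SIG = b"PK\x05\x06", b"PK\x06\x07", b"PK\x06\x06"
EOCD = struct.Struct("<4s4H2LH")    # End of Central Directory, 22 bytes
LOC = struct.Struct("<4sLQL")       # ZIP64 EOCD locator, 20 bytes
REC = struct.Struct("<4sQ2H2L4Q")   # ZIP64 EOCD record (fixed part), 56 bytes

def find_eocd(data: bytes) -> int:
    """Offset of the EOCD whose comment length runs exactly to end of file."""
    pos = data.rfind(EOCD_SIG)
    while pos >= 0:
        if pos + EOCD.size <= len(data):
            comment_len = EOCD.unpack_from(data, pos)[-1]
            if pos + EOCD.size + comment_len == len(data):
                return pos
        pos = data.rfind(EOCD_SIG, 0, pos)   # signature was inside a comment
    return -1

def check_zip64_eocd(data: bytes) -> str:
    """Classify the trailer: ok, not-zip64, no-eocd, or a bad-* reason."""
    eocd = find_eocd(data)
    if eocd < 0:
        return "no-eocd"
    loc_at = eocd - LOC.size                 # locator sits right before the EOCD
    if loc_at < 0 or data[loc_at:loc_at + 4] != LOC_SIG:
        return "not-zip64"
    rec_at = LOC.unpack_from(data, loc_at)[2]    # offset stored in the locator
    if rec_at + REC.size > loc_at:
        return "bad-offset"          # a record cannot fit before the locator
    sig, size = REC.unpack_from(data, rec_at)[:2]
    if sig != REC_SIG:
        return "bad-signature"       # offset does not land on a ZIP64 EOCD record
    if rec_at + 12 + size != loc_at:
        return "bad-adjacency"       # record named by the locator is not the one before it
    return "ok"

def sample(locator_offset: int, records: int = 1) -> bytes:
    """Constructed input: an empty ZIP64 trailer holding `records` EOCD64 records."""
    rec = REC.pack(REC_SIG, REC.size - 12, 45, 45, 0, 0, 0, 0, 0, 0)
    loc = LOC.pack(LOC_SIG, 0, locator_offset, 1)
    eocd = EOCD.pack(EOCD_SIG, 0, 0, 0xFFFF, 0xFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0)
    return rec * records + loc + eocd

if __name__ == "__main__":
    cases = [("consistent", sample(0)), ("two records", sample(0, 2)),
             ("wild offset", sample(10**6)), ("misaligned", sample(3, 2))]
    for name, blob in cases:
        print(f"{name:12} -> {check_zip64_eocd(blob)}")
```

A `bad-*` result means the locator and the record in front of it disagree, which is a reason to reject an untrusted archive before extraction.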
