pip could be made to expose sensitive information over the network.
Software Description:
- python-pip: Python package installer
Details:
USN-7599-1 fixed vulnerabilities in python-urllib3. This update provides
the corresponding update for python-pip for CVE-2025-50181.
Original advisory details:
Jacob Sandum discovered that urllib3 handled redirects even when they were
explicitly disabled while using the PoolManager. An attacker could possibly
use this issue to obtain sensitive information. (CVE-2025-50181)
Illia Volochii discovered that urllib3 incorrectly handled retry and
redirect parameters when using Node.js. An attacker could possibly use this
issue to obtain sensitive information. This issue only affected Ubuntu
25.04. (CVE-2025-50182)
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 python3-pip 25.0+dfsg-1ubuntu0.1 Ubuntu 24.10 python3-pip 24.2+dfsg-1ubuntu0.2 Ubuntu 24.04 LTS python3-pip 24.0+dfsg-1ubuntu1.2 Ubuntu 22.04 LTS python3-pip 22.0.2+dfsg-1ubuntu0.6 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7599-2
https://ubuntu.com/security/notices/USN-7599-2
CVE-2025-50181
Get the latest Linux and open source security news straight to your inbox.