
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2025-4138 is a high severity vulnerability in Python's tarfile module that allows the extraction filter to be ignored, so that symlink targets can point outside the destination directory and some file metadata can be modified. This vulnerability affects Python versions 3.12 or later when the tarfile module is used to extract untrusted tar archives with TarFile.extractall() or TarFile.extract() and the filter= parameter set to "data" or "tar". For Python 3.14 or later, where the default filter value changed from "no filtering" to "data", users relying on this default behavior are also affected (Python Security Announce, NVD).
The vulnerability exists in the tarfile extraction filter functionality, specifically affecting the handling of symbolic links and file metadata. The issue allows attackers to bypass the intended security controls of the extraction filter, potentially leading to unauthorized file access and modification outside the intended destination directory. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (Wiz).
The vulnerability allows attackers to create arbitrary symlinks outside the extraction directory during extraction with filter="data". This could potentially lead to unauthorized access to files outside the intended extraction directory and modification of file metadata. While this vulnerability doesn't significantly affect the installation of source distributions (which already allow arbitrary code execution during the build process), it poses a risk when evaluating source distributions with suspicious links (Python Security Announce).
The primary mitigation is to upgrade to a fixed version of Python. For users unable to upgrade, a workaround is to reject, before extraction, every link member whose target contains a parent directory segment (".."):

import pathlib

for member in tar.getmembers():
    if member.linkname and '..' in pathlib.Path(member.linkname).parts:
        raise OSError("Tarfile with insecure segment ('..') in linkname")

Additionally, users should consider disabling symbolic links if the functionality is not needed (Python Security Announce, GitHub Gist).
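The workaround above, written out as a runnable pre-extraction check against an in-memory archive. This is an added example, not code from the advisory or the Python project; the helper names, the constructed sample archive and the "../../outside" link target are illustrative assumptions.

```python
import io
import pathlib
import tarfile


def insecure_link_members(tar: tarfile.TarFile) -> list[str]:
    """Return names of members (symlinks or hardlinks) whose link target has a '..' segment.

    pathlib.Path does not collapse '..', so 'sub/../x' is caught as well as '../x'.
    """
    return [
        member.name
        for member in tar.getmembers()
        if member.linkname and ".." in pathlib.Path(member.linkname).parts
    ]


def safe_extractall(tar: tarfile.TarFile, dest: str) -> None:
    """Refuse the whole archive if any link escapes via '..', otherwise extract with the data filter."""
    bad = insecure_link_members(tar)
    if bad:
        raise OSError(f"Tarfile with insecure segment ('..') in linkname: {bad}")
    tar.extractall(dest, filter="data")


def build_sample_archive(link_target: str) -> bytes:
    """Constructed sample: one regular file plus one symlink pointing at link_target."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        payload = b"hello\n"
        info = tarfile.TarInfo("readme.txt")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
        link = tarfile.TarInfo("link")
        link.type = tarfile.SYMTYPE
        link.linkname = link_target
        tar.addfile(link)  # symlink entries carry no data, only the linkname header
    return buf.getvalue()


def check_archive(data: bytes) -> list[str]:
    """Open an archive from bytes and report the members the workaround would reject."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        return insecure_link_members(tar)


if __name__ == "__main__":
    print(check_archive(build_sample_archive("../../outside")))  # ['link']
    print(check_archive(build_sample_archive("readme.txt")))     # []
```

The check runs over archive headers only, so it costs nothing extra and works on any Python version that has tarfile, not just the fixed ones.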
Source: This report was generated using AI