
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2025-4435 affects Python's TarFile module when TarFile.errorlevel = 0 is combined with an extraction filter. The documented behavior is that members rejected by the filter are skipped and not extracted; in affected versions, however, a rejected member was still extracted (Python Security Announce).
The vulnerability occurs when using TarFile.errorlevel = 0 in combination with extraction filters. The issue stems from an incorrect implementation where filtered members are not properly skipped during extraction, contrary to the documented behavior. The vulnerability has been assigned a HIGH severity rating with a CVSS v3.1 score of 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) (NVD).
When exploited, this vulnerability allows archive members that the filter rejected to be written to disk anyway, potentially leading to unauthorized file extraction. This bypasses the security control the filter was meant to provide and could result in extraction of malicious content that should have been filtered out (Python Security Announce).
The recommended mitigation is to upgrade to a fixed version of Python or apply the available patches. If immediate patching is not possible, users should carefully validate archive contents before extraction and consider implementing additional filtering mechanisms at the application level (Python Security Announce).
Source: This report was generated using AI