CVE-2025-8291: 
Python Interpreter vulnerability analysis and mitigation

The Python 'zipfile' module contains a vulnerability (CVE-2025-8291) related to improper validation of ZIP64 End of Central Directory (EOCD) Locator record offset values. The vulnerability was discovered and disclosed on October 7, 2025. This issue affects Python's standard library zipfile module across multiple versions (Python Security).

The vulnerability stems from the zipfile module not properly checking the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value. Instead of using this offset to locate the ZIP64 EOCD record, the module would assume it to be the previous record in the ZIP archive. The issue has been assigned a CVSS v3.1 score of 4.3 MEDIUM with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD Database).

This vulnerability could be exploited to create ZIP archives that are handled differently by the Python zipfile module compared to other ZIP implementations, potentially leading to inconsistent behavior and security implications when processing ZIP files (Python Security).

The issue has been patched by implementing additional consistency checks in the zipfile module. The fix maintains the existing behavior but adds verification that the offset specified in the ZIP64 EOCD Locator record matches the expected value. The patch has been applied across multiple Python versions through various pull requests (Python GitHub).