CVE-2025-68146: filelock has a TOCTOU race condition which allows symlink attacks during lock file creation
A Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with O_TRUNC. An attacker can create a symlink pointing to a victim file in the time gap between the check and open, causing os.open() to follow the symlink and truncate the target file.
Who is impacted:
All users of filelock on Unix, Linux, macOS, and Windows systems. The vulnerability cascades to dependent libraries:
- virtualenv users: Configuration files can be overwritten with virtualenv metadata, leaking sensitive paths
- PyTorch users: CPU ISA cache or model checkpoints can be corrupted, causing crashes or ML pipeline failures
- poetry/tox users: affected indirectly, through their use of virtualenv or of filelock directly.
Attack requires local filesystem access and ability to create symlinks (standard user permissions on Unix; Developer Mode on Windows 10+). Exploitation succeeds within 1-3 attempts when lock file paths are predictable.
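The check-then-open pattern described above, placed beside a hardened single open, as an added illustration that is not filelock's own code. It assumes a Linux or macOS host (os.O_NOFOLLOW is unavailable on Windows); the race_hook parameter is a hypothetical stand-in for the window between the existence check and the open, so the outcome is reproducible without timing a real race.

```python
import errno
import os
import tempfile


def create_lock_vulnerable(lock_path: str, race_hook=lambda: None) -> int:
    """Check-then-open: the exists() check and the O_TRUNC open are separate
    system calls, so a symlink planted in between is followed and its target
    is truncated. race_hook models that window (hypothetical test seam)."""
    if os.path.exists(lock_path):  # time of check
        raise FileExistsError(lock_path)
    race_hook()
    return os.open(lock_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)  # time of use


def create_lock_hardened(lock_path: str, race_hook=lambda: None) -> int:
    """Single open, no separate check: O_NOFOLLOW makes a symlink at the lock
    path fail with ELOOP instead of being followed, and omitting O_TRUNC means
    an existing regular file is never emptied. The hook runs before the open
    because that is the only point at which an attacker can still act."""
    race_hook()
    return os.open(lock_path, os.O_RDWR | os.O_CREAT | os.O_NOFOLLOW, 0o644)


def simulate(lock_fn):
    """Constructed scenario: a victim file with known content and a lock path
    an attacker can write a symlink to. Returns (victim content afterwards,
    errno name raised by lock_fn or None)."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.txt")
        lock = os.path.join(d, "app.lock")
        with open(victim, "w") as f:
            f.write("important data")
        err = None
        try:
            fd = lock_fn(lock, race_hook=lambda: os.symlink(victim, lock))
            os.close(fd)
        except OSError as e:
            err = errno.errorcode.get(e.errno)
        with open(victim) as f:
            return f.read(), err


if __name__ == "__main__":
    print("vulnerable:", simulate(create_lock_vulnerable))  # ('', None): victim truncated
    print("hardened:  ", simulate(create_lock_hardened))    # ('important data', 'ELOOP')
```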
References
- github.com/advisories/GHSA-w853-jp5j-5j7f
- github.com/tox-dev/filelock
- github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e
- github.com/tox-dev/filelock/releases/tag/3.20.1
- github.com/tox-dev/filelock/security/advisories/GHSA-w853-jp5j-5j7f
- learn.microsoft.com/en-us/windows/win32/fileio/file-attribute-constants
- nvd.nist.gov/vuln/detail/CVE-2025-68146
- pubs.opengroup.org/onlinepubs/9699919799/functions/open.html