CVE-2025-71176: pytest has vulnerable tmpdir handling
pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.
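An added example, not part of the advisory or of pytest's own code: a defender-side audit of the /tmp/pytest-of-{user} path named above, flagging an entry that is a symlink, is not a directory, is owned by another uid, or is accessible to group or other. The function name `audit_pytest_tmp` and the choice of checks are assumptions made for this example, not a description of the upstream fix.

```python
import os
import stat


def audit_pytest_tmp(base, user, uid):
    """Return findings for <base>/pytest-of-<user>; an empty list means nothing suspicious.

    Hypothetical helper written for this example. `uid` is the numeric id that
    is expected to own the directory (normally the account running pytest).
    """
    path = os.path.join(base, f"pytest-of-{user}")
    try:
        # lstat inspects the entry itself and never follows a symlink.
        st = os.lstat(path)
    except FileNotFoundError:
        return []  # nothing has been pre-created under this name

    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not-a-directory"]

    findings = []
    if st.st_uid != uid:
        # Someone else created the predictable name first.
        findings.append("foreign-owner")
    if stat.S_IMODE(st.st_mode) & 0o077:
        # Any group/other permission bit lets other local users in.
        findings.append("group-or-world-accessible")
    return findings


if __name__ == "__main__":
    import getpass

    user = getpass.getuser()
    result = audit_pytest_tmp("/tmp", user, os.getuid())
    if result:
        print(f"/tmp/pytest-of-{user}: " + ", ".join(result))
    else:
        print(f"/tmp/pytest-of-{user}: no findings")
```

Run it as the account that executes the test suite, for example as a CI job step before pytest starts on a shared host.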
References
- github.com/advisories/GHSA-6w46-j5rx-g56g
- github.com/pytest-dev/pytes
- github.com/pytest-dev/pytest/commit/95d8423bd24992deea5b9df32555fa1741679e2c
- github.com/pytest-dev/pytest/issues/13669
- github.com/pytest-dev/pytest/pull/14343
- github.com/pytest-dev/pytest/releases/tag/9.0.3
- nvd.nist.gov/vuln/detail/CVE-2025-71176
- www.openwall.com/lists/oss-security/2026/01/21/5