Conversation

@akarve akarve commented Sep 30, 2025

Updates

  • Affected products

Comments
Current remedy is impossible. Remedy is to upgrade to 25.2 but <= 25.2 is affected. Latest on pypi is in fact 25.2. What is the intention here, to upgrade to an unreleased but expected version, or is this a semantic bug?

@github-actions github-actions bot changed the base branch from main to akarve/advisory-improvement-6240 September 30, 2025 18:38
shelbyc commented Sep 30, 2025

Hi @akarve, per https://pypi.org/project/pip/#history version 25.2 was released on 30 July 2025. pypa/pip#13550, the patch for CVE-2025-8869, wasn't incorporated into pip until August 2025. I hope this explanation helps.

akarve commented Sep 30, 2025

It helps me understand what is happening, but it doesn't alleviate the issue that pip-audit output is unfixable (short of ignore) until and unless either a higher minor version is released or the condition is relaxed.

shelbyc commented Oct 2, 2025

@akarve More information about how to mitigate CVE-2025-8869 and handle pip-audit (including setting the ignore flag) is available at pypa/pip#13607 (comment). It's difficult to label a version as fixed or not fixed when the mitigation depends on one's underlying Python version, but at least one person has requested the ability to consider the Python version in one's environment in pip-audit: pypa/pip-audit#949

In the meantime, I've changed the description to remove the statement that version 25.2 contains a patch per #6246 (comment).

@shelbyc shelbyc closed this Oct 2, 2025
@github-actions github-actions bot deleted the akarve-GHSA-4xh5-x5gv-qwph branch October 2, 2025 00:01