CVE-2023-6597 HIGH

Vendor Python Software Foundation
Product CPython
Published March 19, 2024
Last update November 3, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01 Description

An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The `tempfile.TemporaryDirectory` class would dereference symlinks during cleanup of permissions-related errors. This means users who can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

Key dates

02 Disclosure timeline

March 19, 2024 CVE published
November 3, 2025 Record updated