CVE-2025-6075 – Quadratic complexity in os.path.expandvars() with user-controlled template

CVE ID : CVE-2025-6075

Published : Oct. 31, 2025, 4:41 p.m. | 45 minutes ago

Description : If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment
variables.

Severity: 1.8 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…