Security: CVE-2025-47273 - Path Traversal Vulnerability in PackageIndex #5124

vinaysamalla02 · 2025-11-27T20:36:08Z

vinaysamalla02
Nov 27, 2025

I am trying to remediate CVE-2025-47273 by upgrading setuptools to version 78.1.1 or later, but the upgrade did not resolve the vulnerability in my environment.

Details:

Attempted upgrade to: setuptools 78.1.1 (and later)

Questions:

Is there a plan or timeline for updating/removing the vulnerable setuptools version from embedded wheels?
Will there be a patch or release to address this?
Are there any recommended workarounds until a fix is released?

webknjaz · 2025-11-28T01:23:29Z

webknjaz
Nov 28, 2025
Collaborator

but the upgrade did not resolve the vulnerability in my environment.

Can you prove this?

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Security: CVE-2025-47273 - Path Traversal Vulnerability in PackageIndex #5124

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Security: CVE-2025-47273 - Path Traversal Vulnerability in PackageIndex #5124

Uh oh!

vinaysamalla02 Nov 27, 2025

Replies: 1 comment

Uh oh!

webknjaz Nov 28, 2025 Collaborator

vinaysamalla02
Nov 27, 2025

webknjaz
Nov 28, 2025
Collaborator