CVE-2025-47273 – Setuptools Remote Code Execution via Path Traversal

May 17, 2025

CVE ID : CVE-2025-47273

Published : May 17, 2025, 4:15 p.m. | 30 minutes ago

Description : setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4830 – TOTOLINK A702R/A3002R/A3002RU HTTP POST Request Handler Buffer Overflow Vulnerability

Next Article CVE-2025-47931 – LibreNMS Stored Cross-Site Scripting (XSS) Vulnerability

Highlights

CVE-2025-5540 – WordPress Event RSVP and Simple Event Management Plugin Stored Cross-Site Scripting Vulnerability

June 26, 2025

CVE ID : CVE-2025-5540

Published : June 26, 2025, 2:15 a.m. | 2 hours, 52 minutes ago

Description : The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ’emd_mb_meta’ shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

14 secret phone codes that unlock hidden features on your Android and iPhone

Stop using AI for these 9 work tasks – here’s why

A smart sensor assessed my home’s risk of electrical fires, and I was impressed

I brought Samsung’s rugged Galaxy tablet on a hiking trip, and it weathered everything

AI’s Hidden Thirst: The Water Behind Tech

AI’s Hidden Thirst: The Water Behind Tech

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

Maintaining Data Consistency with Laravel Database Transactions

5 Best VPN for Lenovo Laptops to Enjoy the Web Safely

5 Best VPN for Lenovo Laptops to Enjoy the Web Safely

3 Best Antivirus and Malware Protection Software

11 Best Antivirus Without Ads

CVE-2025-47273 – Setuptools Remote Code Execution via Path Traversal

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware

ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure

CVE-2025-20283 – “Cisco ISE and ISE-PIC Root Code Execution Vulnerability”

Trump’s AI-generated papal portrait sparks controversy and debate

CVE-2025-6481 – “Simple Pizza Ordering System SQL Injection Vulnerability”

CVE-2025-43270 – Apple macOS Network Access Bypass Vulnerability

CVE-2025-5540 – WordPress Event RSVP and Simple Event Management Plugin Stored Cross-Site Scripting Vulnerability

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

CVE-2025-46348 – YesWiki Unauthenticated Archive Creation and Download Vulnerability

NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers

CVE-2025-47273 – Setuptools Remote Code Execution via Path Traversal

Related Posts