Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

🗓️ 27 Feb 2025 00:00:00Reported by FreeBSDType

freebsd

freebsd🔗 vuxml.freebsd.org👁 29 Views

Spotipy's cache file has broad permissions, exposing Spotify auth token to potential attackers.

Reporter	Title	Published	Views	Family All 31
Circl	CVE-2025-27154	27 Feb 202507:24	–	circl
CNNVD	Spotipy 安全漏洞	27 Feb 202500:00	–	cnnvd
CVE	CVE-2025-27154	27 Feb 202513:53	–	cve
Cvelist	CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions	27 Feb 202513:53	–	cvelist
Debian CVE	CVE-2025-27154	27 Feb 202513:53	–	debiancve
EUVD	EUVD-2025-5469	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 42 Update: python-spotipy-2.25.1-1.fc42	15 Mar 202500:49	–	fedora
Fedora	[SECURITY] Fedora 41 Update: python-spotipy-2.25.1-1.fc41	8 Mar 202501:24	–	fedora
Fedora	[SECURITY] Fedora 40 Update: python-spotipy-2.25.1-1.fc40	8 Mar 202501:36	–	fedora
Tenable Nessus	Fedora 40 : python-spotipy (2025-2215919645)	10 Mar 202500:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
FreeBSD	any	noarch	py38-spotipy	2.25.1	UNKNOWN
FreeBSD	any	noarch	py39-spotipy	2.25.1	UNKNOWN
FreeBSD	any	noarch	py310-spotipy	2.25.1	UNKNOWN
FreeBSD	any	noarch	py311-spotipy	2.25.1	UNKNOWN

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-27154

27 Feb 2025 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.19.8

CVSS 48.4

EPSS0.00236

SSVC

spotipy cache file auth token permissions security vulnerability version 2.25.1 unix