Linux Distros Unpatched Vulnerability : CVE-2025-27154

🗓️ 08 Aug 2025 00:00:00Reported by TenableType

CVE-2025-27154 Spotipy CacheHandler exposes auth token due to 644 perms; fixed to 600 in 2.25.1.

Reporter	Title	Published	Views	Family All 31
FreeBSD	Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions	27 Feb 202500:00	–	freebsd
Circl	CVE-2025-27154	27 Feb 202507:24	–	circl
CNNVD	Spotipy 安全漏洞	27 Feb 202500:00	–	cnnvd
CVE	CVE-2025-27154	27 Feb 202513:53	–	cve
Cvelist	CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions	27 Feb 202513:53	–	cvelist
Debian CVE	CVE-2025-27154	27 Feb 202513:53	–	debiancve
EUVD	EUVD-2025-5469	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 42 Update: python-spotipy-2.25.1-1.fc42	15 Mar 202500:49	–	fedora
Fedora	[SECURITY] Fedora 41 Update: python-spotipy-2.25.1-1.fc41	8 Mar 202501:24	–	fedora
Fedora	[SECURITY] Fedora 40 Update: python-spotipy-2.25.1-1.fc40	8 Mar 202501:36	–	fedora

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2025-27154
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(246109);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/21");

  script_cve_id("CVE-2025-27154");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2025-27154");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache
    file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions
    by default, when it could be locked down to `rw-------` (600) permissions. This leads to overly broad
    exposure of the spotify auth token. If this token can be read by an attacker (another user on the machine,
    or a process running as another user), it can be used to perform administrative actions on the Spotify
    account, depending on the scope granted to the token. Version 2.25.1 tightens the cache file permissions.
    (CVE-2025-27154)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2025-27154");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-27154");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/02/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:spotipy");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-25.04", "Host/OS/Ubuntu Linux-25.10");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-25.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.04",
        "pkgs": [
          {"reference": "spotipy"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.10": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.10",
        "pkgs": [
          {"reference": "spotipy"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

21 May 2026 00:00Current

7High risk

Vulners AI Score7

CVSS 3.19.8

CVSS 48.4

EPSS0.00236

SSVC