Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in setuptools [CVE-2025-47273]

Summary M Watson Speech Services Cartridge is vulnerable to a path traversal in setuptools, due to an issue that allows users to download, build, install, upgrade, and uninstall Python packages CVE-2025-47273. Setuptools is used in our speech service runtimes. This vulnerabilitiy has been...

Security Bulletin: IBM Security Verify Directory (Container) is affected by a vulnerability in the setuptools package (CVE-2025-47273)

Summary A vulnerability in the setuptools package used by IBM Security Verify Directory Container has been addressed Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path...

Security Bulletin: Vulnerabilities in setuptools affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in setuptools has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION:...

MiracleLinux 9 : python3.11-setuptools-65.5.1-2.el9_4.1 (AXSA:2024-8653:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8653:01 advisory. pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools CVE-2024-6345 Tenable has extracted the preceding...

MiracleLinux 8 : resource-agents-4.9.0-54.el8_10.4 (AXSA:2024-8815:06)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8815:06 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 pypa/setuptools: Remote code execution via...

MiracleLinux 8 : python3.12-setuptools-68.2.2-4.el8_10 (AXSA:2024-8682:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8682:01 advisory. pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools CVE-2024-6345 Tenable has extracted the preceding...

MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2024-8429:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8429:01 advisory. pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 python-cryptography: memory corruption via immutable...

MiracleLinux 8 : fence-agents-4.2.1-129.el8_10.4 (AXSA:2024-8788:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8788:10 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 pypa/setuptools: Remote code execution via...

MiracleLinux 9 : python3.12-setuptools-68.2.2-3.el9_4.1 (AXSA:2024-8684:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8684:02 advisory. pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools CVE-2024-6345 Tenable has extracted the preceding...

MiracleLinux 7 : python-setuptools-0.9.8-7.0.2.el7.AXS7 (AXSA:2025-10851:04)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10851:04 advisory. CVE-2025-47273: fix path traversal vulnerability in PackageIndex CVEs: CVE-2025-47273 setuptools is a package that allows users to download, build, install,...

MiracleLinux 9 : fence-agents-4.10.0-86.el9_6.7 (AXSA:2025-10639:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10639:07 advisory. setuptools: Path Traversal Vulnerability in setuptools PackageIndex CVE-2025-47273 Tenable has extracted the preceding description block directly from the...

Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.2 (SVD-2025-1209)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1209 advisory. - setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path travers...

TencentOS Server 2: python3-setuptools (TSSA-2025:0617)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0617 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

TencentOS Server 2: python-setuptools (TSSA-2024:0503)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0503 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

Security Bulletin: Astronomer with IBM is vulnerable to path traversal issues due to the setuptools package (CVE-2025-47273)

Summary Setuptools is used by Astronomer with IBM as part of the package management functionality. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability ...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in platform-python-setuptools python3-setuptools-wheel setuptools

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in platform-python-setuptools python3-setuptools-wheel setuptools Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade,...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-setuptools python3-setuptools-wheel setuptools

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-setuptools python3-setuptools-wheel setuptools Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools-70.3.0-py3-none-any.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools-70.3.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python package...

AlmaLinux 10 : python-setuptools (ALSA-2025:9940)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:9940 advisory. setuptools: Path Traversal Vulnerability in setuptools PackageIndex CVE-2025-47273 Tenable has extracted the preceding description block directly from the AlmaLin...