5 matches found
CVE-2025-14009 vulnerabilities
Vulnerabilities for packages: py3-nltk, kubeflow-pipelines-visualization-server, apache-beam-python-3.11-sdk, label-studio, open-webui, nemo...
CVE-2025-14009
A code execution vector has been discovered in the python NTLK library. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, ca...
CVE-2025-14009
creationtimestamp| type| source ---|---|--- 2026-02-18 18:32:10+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mf5pnybld22m 2026-02-18 19:00:18+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mf5rababgq2h...
01os (=0.0.14), aa-rag (>=0.4.2 <=0.4.3) +924 more potentially affected by CVE-2025-14009 via nltk (>=2.0.4 <=3.9.2)
nltk PYPI version =2.0.4, =0.4.2, =0.2.3, =0.2.0, =0.0.4, =0.0.1, =0.1.0, =0.1.0, =0.0.9, =0.1.0 and more Source cves: CVE-2025-14009 Source advisory: OSV:GHSA-7P94-766C-HGJP...
CVE-2025-14009 Zip Slip Vulnerability in nltk/nltk Leading to Remote Code Execution
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...