{"id":"CVE-2025-71176","details":"pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.","aliases":["GHSA-6w46-j5rx-g56g"],"modified":"2026-05-12T18:29:30.183096496Z","published":"2026-01-22T05:16:17.577Z","related":["CGA-mchm-7jcf-xp92","SUSE-SU-2026:1744-1","SUSE-SU-2026:21568-1","openSUSE-SU-2026:10666-1","openSUSE-SU-2026:20692-1"],"references":[{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/01/21/5"},{"type":"REPORT","url":"https://github.com/pytest-dev/pytest/issues/13669"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pytest-dev/pytest","events":[{"introduced":"0"},{"last_affected":"3d10b5148e03eb82b3ee29181dbdc73cf82699e2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.0.2"}]}}],"versions":["1.0.0b3","1.1.0","1.1.1","1.2.0","1.2.1","1.3.0","1.3.1","1.3.2","1.3.3","2.0.0","2.0.1","2.0.2","2.0.3","2.1.0","2.1.2","2.1.3","2.2.0","2.2.1","2.2.2","2.2.3","2.2.4","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.4.0","2.4.1","2.4.2","2.5.0","2.5.1","2.5.2","2.6.0","2.6.1","2.6.2","2.6.3","2.7.0","2.8.0","2.8.1","2.8.2","2.8.3","2.8.5","3.1.3","6.2.0.dev0","6.3.0.dev0","7.1.0.dev0","7.2.0.dev0","7.4.0.dev0","8.0.0.dev0","8.1.0.dev0","8.2.0.dev0","8.3.0","8.3.0.dev0","8.5.0.dev0","9.0.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71176.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}]}