CVE-2025-47273

HIGH

setuptools < 78.1.1 - Path Traversal and Arbitrary File Write via PackageIndex


Exploitation Summary

EIP tracks 5 public exploits for CVE-2025-47273. PoCs published by XiaomingX, adminlove520, ahmedreda38.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2025-47273, a path traversal vulnerability in setuptools v78.1.0. The PoC demonstrates arbitrary file write by leveraging os.path.join() behavior with attacker-controlled URLs, leading to potential privilege escalation or RCE.

Description

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

Exploits (5)

github WORKING POC 10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2025/CVE-2025-47273

This repository contains a functional exploit for CVE-2025-47273, a path traversal vulnerability in setuptools v78.1.0. The PoC demonstrates arbitrary file write by leveraging os.path.join() behavior with attacker-controlled URLs, leading to potential privilege escalation or RCE.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: setuptools v78.1.0 and earlier
No auth needed
Prerequisites: setuptools v78.1.0 installed · ability to execute Python code on target
devstral-2 · analyzed Mar 16, 2026

github WORKING POC 2 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-47273

This repository contains a functional exploit for CVE-2025-47273, a path traversal vulnerability in setuptools v78.1.0. The PoC includes a malicious server and a command to overwrite arbitrary files, such as /root/.ssh/authorized_keys, leading to privilege escalation.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: setuptools v78.1.0
No auth needed
Prerequisites: setuptools v78.1.0 installed on target · ability to execute Python code on target · network access to attacker-controlled server
devstral-2 · analyzed Mar 16, 2026

nomisec WORKING POC
by ahmedreda38 · poc
https://github.com/ahmedreda38/CVE-2025-47273-PoC

This repository contains a functional exploit for CVE-2025-47273, a path traversal vulnerability in setuptools version 78.1.0. The exploit leverages os.path.join() behavior to overwrite arbitrary files, demonstrated by overwriting /root/.ssh/authorized_keys for privilege escalation.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: setuptools version 78.1.0
No auth needed
Prerequisites: setuptools version 78.1.0 installed · ability to execute Python code on the target system
devstral-2 · analyzed Mar 16, 2026

nomisec WORKING POC
by AliElKhatteb · poc
https://github.com/AliElKhatteb/CVE-2025-47273-POC

This repository contains a functional proof-of-concept exploit for CVE-2025-47273, a path traversal vulnerability in Python setuptools < 78.1.1. The exploit leverages the `PackageIndex` component's `_download_url` function to write arbitrary files to any location on the filesystem, demonstrated by writing an SSH public key to `/root/.ssh/authorized_keys`.

Classification: Working PoC 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Python setuptools < 78.1.1
No auth needed
Prerequisites: Python 3 on both attacker and victim machines · SSH key pair on attacker machine · victim script using setuptools `PackageIndex` with user-controlled URL
devstral-2 · analyzed Mar 16, 2026

github WORKING POC
by manus-use · postscriptpoc
https://github.com/manus-use/cve-pocs/tree/main/CVE-2025-47273

The repository contains functional exploit code for CVE-2025-32433, targeting Erlang/OTP SSH. The PoC demonstrates a pre-authentication RCE by sending crafted SSH packets to execute arbitrary commands on the server.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Erlang/OTP SSH (OTP-22.3.4.17)
No auth needed
Prerequisites: network access to the target SSH port · vulnerable Erlang/OTP version
devstral-2 · analyzed Feb 27, 2026

Scores

CVSS v3 8.8
EPSS 0.0012
EPSS Percentile 30.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (3)
debian/debian_linux 11.0
pypi/setuptools 0 - 78.1.1 (PyPI)
python/setuptools < 78.1.1
Published May 17, 2025
Tracked Since Feb 18, 2026