CNNVD-202512-2782 Information

CNNVD ID

CNNVD-202512-2782

CVE-2025-68146

  • CNNVD Published: 2025-12-16

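Description (translated from Chinese)

filelock is an open-source Python file lock from the tox development team. Versions of filelock before 3.20.1 contain a security vulnerability caused by a TOCTOU race condition, which may lead to arbitrary file corruption or truncation.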

Description (English)

Filelock is an open-source Python file lock from the tox development team. Versions of filelock before 3.20.1 contain a security vulnerability that stems from a TOCTOU race condition and could lead to arbitrary file corruption or truncation.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

tox development team

Published

2025-12-16

Last Modified

2026-02-24

References

  • https://github.com/tox-dev/filelock/pull/461
  • https://github.com/tox-dev/filelock/security/advisories/GHSA-w853-jp5j-5j7f
  • https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e
  • https://github.com/tox-dev/filelock/releases/tag/3.20.1
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68146

Patch

https://github.com/tox-dev/filelock/releases
