CVE-2025-8291 in CPython
Summary
by MITRE • 10/07/2025
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record: the offset value would not be used to locate the ZIP64 EOCD record; instead, the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.
Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.
Analysis
by VulDB Data Team • 04/24/2026
The vulnerability described in CVE-2025-8291 affects the zipfile module's handling of ZIP64 End of Central Directory (EOCD) Locator records and represents a significant deviation from standard ZIP archive processing. The flaw is the module's failure to validate the offset value in the ZIP64 EOCD Locator record, a critical component of the ZIP64 format, which extends ZIP to archives larger than 4GB. Instead of honouring the offset that explicitly defines the record's location within the archive, the module assumes the ZIP64 EOCD record always appears immediately before the EOCD Locator record.
The flaw manifests when a ZIP64 archive's EOCD Locator record contains an offset that differs from the actual location of the ZIP64 EOCD record. Because the zipfile module derives the record's position from sequential ordering rather than from the offset in the locator, such an archive is parsed inconsistently: compliant ZIP implementations use the offset to find the record and therefore parse the archive correctly regardless of record placement, while zipfile does not. The issue lies at the level of the ZIP file format specification itself, specifically in the ZIP64 extension that was introduced to overcome the size limits of the original format.
The impact goes beyond a parsing inconsistency, because the divergence enables archive manipulation attacks. An attacker could craft a ZIP archive whose EOCD Locator record specifies an incorrect offset, so that the zipfile module processes the archive differently from other compliant implementations. This could lead to denial of service, where malformed archives cause unexpected behaviour or crashes in applications relying on the zipfile module. Where applications process untrusted ZIP archives without validating the offset values, it also opens possibilities for information disclosure or privilege escalation scenarios, potentially through unexpected memory access patterns or data corruption.
The remediation validates the offset specified in the ZIP64 EOCD Locator record against the value expected from the archive structure. Note that the fix keeps the assumption that the ZIP64 EOCD record precedes the locator: an archive whose locator disagrees with that position is rejected rather than followed. This aligns with the ZIP file format specification's requirements, gives consistent behaviour across ZIP implementations, and follows the input validation and defensive programming practices fundamental to secure software development. Security practitioners should note that this vulnerability relates to CWE-129, which covers improper validation of array index, and aligns with ATT&CK technique T1059.007 for execution through archive manipulation. The fix ensures that applications processing ZIP archives behave predictably and are not exploitable through malformed offset values in ZIP64 structures.
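The locator check the remediation describes, as an added example that is not CPython's own code: it builds a constructed ZIP64 archive tail with no entries, keeps the assumption that the ZIP64 EOCD record sits directly before the locator, and compares the locator's stored offset against that position; `validate_locator=False` reproduces the pre-fix behaviour for contrast. It assumes no archive comment and no ZIP64 extensible data, so the fixed record sizes hold.

```python
import struct

# Constructed example, not CPython's zipfile code. Sizes assume an archive
# with no comment and a ZIP64 EOCD record with no extensible data.
EOCD_SIG = b"PK\x05\x06"        # End of Central Directory record
ZIP64_LOC_SIG = b"PK\x06\x07"   # ZIP64 EOCD Locator
ZIP64_EOCD_SIG = b"PK\x06\x06"  # ZIP64 EOCD record
EOCD_LEN, LOC_LEN, Z64_LEN = 22, 20, 56

class BadZip64(ValueError):
    """Raised when the archive tail is inconsistent."""

def build_tail(prefix_len, stored_offset=None):
    """Constructed empty archive: padding + ZIP64 EOCD + Locator + EOCD.
    stored_offset overrides the locator's offset field to mimic a crafted file."""
    z64 = struct.pack("<4sQHHIIQQQQ", ZIP64_EOCD_SIG, Z64_LEN - 12, 45, 45,
                      0, 0, 0, 0, 0, prefix_len)
    offset = prefix_len if stored_offset is None else stored_offset
    loc = struct.pack("<4sIQI", ZIP64_LOC_SIG, 0, offset, 1)
    eocd = struct.pack("<4sHHHHIIH", EOCD_SIG, 0, 0, 0xFFFF, 0xFFFF,
                       0xFFFFFFFF, 0xFFFFFFFF, 0)  # sentinels: read ZIP64 values
    return b"\0" * prefix_len + z64 + loc + eocd

def locate_zip64_eocd(data, validate_locator=True):
    """Return the ZIP64 EOCD record's offset or raise BadZip64. The record is
    still assumed to sit directly before the locator; validate_locator=True
    also requires the stored offset to agree (the fix), False ignores it."""
    if len(data) < EOCD_LEN + LOC_LEN + Z64_LEN or data[-EOCD_LEN:][:4] != EOCD_SIG:
        raise BadZip64("no EOCD record at end of archive")
    loc_pos = len(data) - EOCD_LEN - LOC_LEN
    sig, disk, stored, disks = struct.unpack("<4sIQI", data[loc_pos:loc_pos + LOC_LEN])
    if sig != ZIP64_LOC_SIG:
        raise BadZip64("no ZIP64 EOCD locator")
    if disk != 0 or disks != 1:
        raise BadZip64("multi-disk archives are not supported")
    expected = loc_pos - Z64_LEN
    if validate_locator and stored != expected:
        raise BadZip64(f"locator offset {stored} != expected {expected}")
    if data[expected:expected + 4] != ZIP64_EOCD_SIG:
        raise BadZip64("no ZIP64 EOCD record before the locator")
    return expected

def locator_is_consistent(data):
    """True when the archive passes the post-fix locator check."""
    try:
        locate_zip64_eocd(data)
        return True
    except BadZip64:
        return False
```

A crafted tail whose locator points elsewhere is accepted silently with `validate_locator=False` and rejected with the check enabled, which is exactly the divergence between implementations the advisory describes.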
This vulnerability demonstrates the importance of strict adherence to file format specifications in security-sensitive code. The zipfile module's behaviour deviates from the ZIP file format standard in a way that can create interoperability issues and security risks wherever applications process untrusted ZIP archives. The remediation underlines the need to validate every offset value in a file format parser, particularly in extensions such as ZIP64 that introduce new structural elements. Organizations should prioritize updating their systems, since the flaw is a potential attack surface in any scenario involving archive processing, notably web applications, file upload systems, and other environments where ZIP archives are handled without validation of their structural elements.