Impact
In versions 0.8.21 and earlier of uv, source distributions (sdists) may extract outside of their intended extraction prefix via a specially crafted sequence of symlinks. This enables an arbitrary write during extraction, which a malicious source distribution could use to write to filesystem locations outside of the intended installation prefix.
In practice, the impact of this vulnerability is low: source distributions execute arbitrary code at build/installation time by definition, so a malicious source distribution already has access to arbitrary filesystem locations by design. However, this particular source of arbitrary file writes is unintentional and not operating by design, and therefore we consider it a vulnerability despite its overlap with intended behavior.
This vulnerability does not affect wheel installations, as wheels are not delivered as tar archives. Users who install packages via wheels are not affected.
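The escape described above works because a symlink member extracted earlier in the archive redirects the path of a member extracted later. The following added example (not uv's code, and not the fix shipped in 0.8.22) shows the defensive check an installer can run before extracting an sdist: it replays symlink members in archive order and flags any member whose resolved path lands outside the extraction prefix. The sample archive it builds is constructed for the demonstration and is not a real package.

```python
import io
import posixpath
import tarfile

def _escapes(path: str) -> bool:
    # A normalized path escapes the prefix if it is absolute or climbs above it.
    return path.startswith("/") or path == ".." or path.startswith("../")

def _resolve(name: str, links: dict, depth: int = 0) -> str:
    # Resolve `name` through symlinks seen earlier in the archive, prefix by
    # prefix, restarting after each substitution so chained links are followed.
    if depth > 40:
        return "/"  # symlink loop: treat as unsafe
    parts = name.split("/")
    for i in range(1, len(parts) + 1):
        prefix = posixpath.normpath("/".join(parts[:i]))
        if _escapes(prefix):
            return prefix
        if prefix in links:
            rest = posixpath.join(posixpath.dirname(prefix), links[prefix], *parts[i:])
            return _resolve(posixpath.normpath(rest), links, depth + 1)
    return posixpath.normpath(name)

def find_unsafe_members(data: bytes) -> list:
    # Members that would land outside the prefix; links seen earlier apply to later members.
    unsafe, links = [], {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar:
            resolved = _resolve(m.name, links)
            if _escapes(resolved):
                unsafe.append(m.name)
            elif m.issym():
                links[resolved] = m.linkname
                target = posixpath.join(posixpath.dirname(resolved), m.linkname)
                if _escapes(_resolve(target, links)):
                    unsafe.append(m.name)  # the link itself points above the prefix
    return unsafe

def build_sample_sdist() -> bytes:
    # Constructed sample: a benign file, a symlink above the prefix, a file through that link.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, link, body in (("pkg-1.0/setup.py", None, b"# benign\n"),
                                 ("pkg-1.0/escape", "../..", b""),
                                 ("pkg-1.0/escape/pwned.txt", None, b"outside\n")):
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE if link else tarfile.REGTYPE
            info.linkname, info.size = link or "", len(body)
            tar.addfile(info, io.BytesIO(body) if body else None)
    return buf.getvalue()
```

On Python 3.12 and newer, `tarfile.extractall(..., filter="data")` rejects the same members; the check above is useful where extraction is implemented independently of that filter, as it is in uv.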
Patches
Versions 0.8.22 and newer of uv address the vulnerability above. Users should upgrade to 0.8.22 or newer.
Workarounds
Users are advised to upgrade to version 0.8.22 or newer to address this advisory.
Users should experience no breaking changes as a result of the patch above.
References
This vulnerability is similar to (but not related in code to) CVE-2025-4138 and CVE-2025-4517, which concern Python's tarfile module.