Creation of Temporary File in Directory with Insecure Permissions in pytest

CVE-2025-71176

pytest

Medium

6.8/10

Summary

pytest through 9.0.2 on UNIX relies on directories with the "/tmp/pytest-of-{user}" name pattern, which allows local users to cause a denial of service or possibly gain privileges.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-379 - Creation of Temporary File in Directory with Insecure Permissions

The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

References

Advisory
Pull request
Release Note

Advisory Timeline

Published Jan 22, 2026

Creation of Temporary File in Directory with Insecure Permissions in pytest

CVE-2025-71176

Summary

CWE-379 - Creation of Temporary File in Directory with Insecure Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS