Improper Validation of Syntactic Correctness of Input

CVE-2025-13327

Medium

6.3/10

Summary

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1286 - Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

References

Advisory Timeline

Published Feb 27, 2026

Improper Validation of Syntactic Correctness of Input

CVE-2025-13327

Summary

CWE-1286 - Improper Validation of Syntactic Correctness of Input

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS