CVE-2025-53358: File Ui Py Cwe 000 Cve 2025 53358
greprules fetch cve-2025-53358-file-ui-py-cwe-000-cve-2025-53358 --engine opengrep

Description
The code calls `zipfile.ZipFile.extractall()` without evidently validating archive members prior to the call. This can lead to a Zip Slip vulnerability where malicious zip archive entries with directory traversal characters or malicious symlinks write files outside the intended destination directory. Ensure you iterate over the entries in the zip file using
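
One way to validate archive members before extraction, as the description asks. This is an added example, not code from the rule or from the affected project; `safe_extract`, `UnsafeArchiveError` and `build_zip` are hypothetical names, and the sample archives are constructed in memory. Every member is checked before anything is written, so a single bad entry rejects the whole archive.

```python
import io
import os
import stat
import zipfile


class UnsafeArchiveError(Exception):
    """Raised when an archive member fails validation."""


def safe_extract(zip_source, dest_dir):
    """Validate every member first, then extract. Returns the extracted names."""
    dest_root = os.path.realpath(dest_dir)
    with zipfile.ZipFile(zip_source) as zf:
        members = zf.infolist()
        for info in members:
            name = info.filename.replace("\\", "/")
            # Absolute paths and drive-letter paths are never legitimate here.
            if name.startswith("/") or name[1:2] == ":":
                raise UnsafeArchiveError(f"absolute path: {info.filename!r}")
            # Any parent-directory component is treated as traversal.
            if ".." in name.split("/"):
                raise UnsafeArchiveError(f"traversal: {info.filename!r}")
            # Unix file mode lives in the high 16 bits of external_attr.
            if stat.S_ISLNK(info.external_attr >> 16):
                raise UnsafeArchiveError(f"symlink: {info.filename!r}")
            # Final check: the resolved target must stay under dest_root.
            target = os.path.realpath(os.path.join(dest_root, name))
            if os.path.commonpath([dest_root, target]) != dest_root:
                raise UnsafeArchiveError(f"escapes destination: {info.filename!r}")
        # Only reached when every member passed validation.
        for info in members:
            zf.extract(info, dest_root)
    return [m.filename for m in members]


def build_zip(entries):
    """Constructed sample input: in-memory zip from (name, data, unix_mode) tuples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data, mode in entries:
            info = zipfile.ZipInfo(name)
            if mode is not None:
                info.external_attr = mode << 16
            zf.writestr(info, data)
    buf.seek(0)
    return buf
```
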