CVE-2025-13327 Overview
A security vulnerability has been identified in uv, the fast Python package installer and resolver written in Rust. This flaw allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials. The vulnerability requires user interaction to install an attacker-controlled package, making it a supply chain attack vector that targets developers and systems using uv for Python package management.
Critical Impact
Attackers can achieve arbitrary code execution on systems using uv by crafting malicious ZIP archives that exploit inconsistencies in how ZIP files are parsed, potentially compromising developer workstations and CI/CD pipelines.
Affected Products
- uv Python package installer (versions prior to security fix)
- Systems using uv for Python package resolution and installation
- CI/CD pipelines and development environments utilizing uv
Discovery Timeline
- 2026-02-27 - CVE-2025-13327 published to NVD
- 2026-02-27 - Last updated in NVD database
Technical Details for CVE-2025-13327
Vulnerability Analysis
This vulnerability falls under CWE-1286 (Improper Validation of Syntactic Correctness of Input), which occurs when the product receives input that is expected to be well-formed but fails to properly validate that the input complies with the expected syntax. In this case, uv's ZIP archive parsing implementation exhibits differential behavior compared to other ZIP implementations, allowing attackers to craft archives that are interpreted differently by various parsers.
The attack targets the package installation workflow where uv processes ZIP-formatted Python packages (wheels and source distributions). By exploiting inconsistencies in how the ZIP format is parsed, an attacker can embed malicious content that bypasses security checks or gets extracted in unexpected ways. This is particularly dangerous in the context of Python package management where packages can execute arbitrary code during installation through setup scripts.
Root Cause
The root cause stems from improper validation of ZIP archive structure and metadata during the package extraction process. ZIP files have a complex format with multiple ways to specify file metadata, and different implementations may interpret ambiguous or malformed archives differently. These parsing differentials create opportunities for attackers to craft archives that appear benign to some validation tools but contain malicious payloads when processed by uv.
Attack Vector
This vulnerability requires local access and user interaction. The attack scenario involves:
- An attacker creates a malicious Python package containing a specially crafted ZIP archive
- The attacker distributes this package through a package index or tricks a user into installing it directly
- When the victim runs uv pip install or similar commands to install the malicious package, the ZIP parsing differential is exploited
- Malicious code is executed during the package resolution or installation phase
The local attack vector and requirement for user interaction (installing the malicious package) are mitigating factors, though the potential for supply chain attacks through compromised or typosquatted packages remains a significant concern.
The vulnerability mechanism involves crafting ZIP archives that exploit differences in how various ZIP parsers handle edge cases such as overlapping file entries, inconsistent central directory records, or malformed compression headers. For detailed technical information, refer to the GitHub Security Advisory GHSA-pqhf-p39g-3x64.
Detection Methods for CVE-2025-13327
Indicators of Compromise
- Unexpected process spawning during uv pip install or uv sync operations
- Unusual file writes outside of expected package installation directories
- Network connections initiated during package installation that don't correspond to package downloads
- Modified or suspicious Python packages in local cache directories
Detection Strategies
- Monitor package installation commands for unexpected child process execution
- Implement file integrity monitoring on critical system directories during package installation operations
- Use behavioral analysis to detect anomalous activity during Python package management operations
- Audit installed packages against known-good hashes from trusted package indices
Monitoring Recommendations
- Enable verbose logging for uv operations to capture detailed installation activity
- Implement network monitoring to detect unexpected outbound connections during package installation
- Set up alerts for process execution chains originating from uv processes
- Regularly audit installed packages and compare against expected dependencies
How to Mitigate CVE-2025-13327
Immediate Actions Required
- Update uv to the latest version that includes the security fix (commit da659fee4898a73dbc75070f3e82d49f745e4628)
- Review recently installed packages for any suspicious or unexpected dependencies
- Restrict package installation to trusted package indices only
- Implement package signature verification where available
Patch Information
The vulnerability has been addressed in the uv project. The fix is available in commit da659fee4898a73dbc75070f3e82d49f745e4628. Organizations should update to a version of uv that includes this commit. Additional information is available through the Red Hat CVE page and Red Hat Bug Report #2407263.
Workarounds
- Only install packages from trusted and verified sources until patched
- Use hash verification for all package installations with --require-hashes flag
- Review package contents before installation using uv pip download followed by manual inspection
- Consider using a private package index with curated and scanned packages
# Configuration example: Enable hash verification for package installations
# Create or update requirements.txt with hashes
uv pip compile requirements.in --generate-hashes -o requirements.txt
# Install with hash verification required
uv pip install --require-hashes -r requirements.txt
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
