CVE-2025-8291 Overview
CVE-2025-8291 is a parsing inconsistency vulnerability in the Python zipfile module. The module fails to validate the offset value in the ZIP64 End of Central Directory (EOCD) Locator record. Instead of using that offset to locate the ZIP64 EOCD record, the module assumes the EOCD record is the previous record in the archive. Attackers can craft ZIP archives that zipfile parses differently than other ZIP implementations, enabling parser confusion attacks. This weakness is tracked as CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input.
Critical Impact
Parser differentials between Python zipfile and other ZIP tools can be abused to bypass security scanners, antivirus engines, and content inspection that rely on consistent archive parsing.
Affected Products
- CPython zipfile module (multiple versions prior to patch)
- Python applications and tooling that consume ZIP archives via the standard library
- Security scanners and archive processors built on CPython zipfile
Discovery Timeline
- 2025-10-07 - CVE-2025-8291 published to NVD
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2025-8291
Vulnerability Analysis
The Python zipfile module handles ZIP64 archives, an extension to the ZIP format that supports files and archives larger than 4 GB. ZIP64 archives include a ZIP64 EOCD Locator record that specifies the byte offset of the ZIP64 EOCD record within the archive. The zipfile module reads the Locator but does not use the offset field to seek to the ZIP64 EOCD record. Instead, it treats the record immediately preceding the Locator as the ZIP64 EOCD record.
This behavior diverges from the ZIP specification and from implementations that honor the offset field. An attacker who controls archive structure can place a benign ZIP64 EOCD record where zipfile will read it, while pointing the Locator offset at a different EOCD record that other parsers will use. The result is a single archive that yields two different file listings depending on the parser. This class of weakness is referred to as a parser differential or schism attack.
Root Cause
The root cause is missing input validation. The zipfile module never compares the Locator's stated offset against the actual position used to read the ZIP64 EOCD record. Remediation preserves the previous behavior of reading the prior record but adds a check that the offset declared in the Locator matches the expected position.
Attack Vector
Exploitation requires user interaction, typically by inducing a victim or automated pipeline to process a malicious ZIP archive. An attacker crafts a ZIP64 archive with conflicting EOCD structures. Antivirus, sandbox, or content-inspection tools that use a spec-compliant ZIP parser see one set of contents. Downstream Python code using zipfile extracts a different set. This can be abused to smuggle malicious files past scanners or to bypass allowlists that inspect archive contents before delivery to a Python consumer.
No verified public exploit code is published for this issue. Technical detail is available in the Google security advisory GHSA-hhv7-p4pg-wm6p and the CPython issue #139700.
Detection Methods for CVE-2025-8291
Indicators of Compromise
- ZIP archives where the ZIP64 EOCD Locator offset does not point to the byte position of the ZIP64 EOCD signature (0x06064b50)
- Archives containing multiple EOCD or ZIP64 EOCD records with differing central directory pointers
- Discrepancies between file listings produced by unzip, 7z, and Python zipfile.ZipFile.namelist() on the same archive
Detection Strategies
- Parse incoming ZIP archives with two independent implementations and compare file listings, sizes, and CRCs for mismatches
- Validate that the offset declared in the ZIP64 EOCD Locator record matches the actual file position of the ZIP64 EOCD record before processing
- Flag archives that contain unreferenced or duplicate EOCD structures during preprocessing in mail gateways and upload handlers
Monitoring Recommendations
- Log Python runtime and interpreter versions in build and CI systems to identify hosts still running an unpatched zipfile
- Monitor file processing pipelines for parser errors or content mismatches between scanning and extraction stages
- Track ZIP archives originating from untrusted sources that target Python-based services, including data ingestion APIs and CI/CD artifact handlers
How to Mitigate CVE-2025-8291
Immediate Actions Required
- Upgrade CPython to a patched release that includes the fix from commits 1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46 and 162997bb70e067668c039700141770687bc8f267
- Inventory applications that accept ZIP archives from untrusted sources and prioritize patching those systems
- Rebuild and redeploy container images and virtual environments that bundle vulnerable Python versions
Patch Information
The CPython project addressed CVE-2025-8291 by retaining the existing parsing behavior while adding a validation step. The patched zipfile now verifies that the offset specified in the ZIP64 EOCD Locator matches the expected position of the ZIP64 EOCD record. Review the Python Security Announcement, the PSF advisory PSF-2025-12, and the GitHub Pull Request #139702 for fix details.
Workarounds
- Pre-validate ZIP archives with a spec-compliant parser and reject any archive where the ZIP64 EOCD Locator offset does not match the ZIP64 EOCD signature location
- Require archives to be re-packed by a trusted tool before passing them to Python zipfile consumers
- Restrict the use of zipfile on attacker-controlled input until patched interpreters are deployed across all hosts
# Verify the installed Python version after patching
python3 --version
python3 -c "import zipfile, sys; print(zipfile.__file__); print(sys.version)"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

