## Pytest 9.0.2 Security Flaw: Local UNIX Users Can Trigger DoS or Privilege Escalation
A critical security vulnerability in the popular Python testing framework, pytest, exposes UNIX-based systems to local denial-of-service attacks and potential privilege escalation. The flaw, tracked as CVE-2025-71176, is present in all versions up to and including 9.0.2. It stems from the framework's predictable use of directories named `/tmp/pytest-of-{user}`, creating an attack surface that local users on a shared system can exploit.

The vulnerability has been assigned a CVSS v3.1 score of 6.8 (Medium), with a vector indicating a local attack vector, no privileges required, and impacts on confidentiality, integrity, and availability. The core risk is that a malicious local user could manipulate or interfere with these temporary directories, potentially disrupting test execution for other users or, in worst-case scenarios, elevating their own privileges on the system. The pytest development team has addressed this issue in the newly released version 9.0.3.

This update is not a routine patch; it is a mandatory security fix for any development or CI/CD environment running on multi-user UNIX or Linux systems. The flaw highlights the often-overlooked security implications of predictable temporary file handling in developer tools. Organizations and individual developers relying on pytest must prioritize upgrading to version 9.0.3 to mitigate the risk of local resource interference and secure their testing pipelines from internal threats.
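
The defensive check that the description above implies, written here as an added example rather than pytest's own code: before reusing the predictable `/tmp/pytest-of-{user}` directory on a shared system, confirm it is a real (non-symlink) directory, owned by the current user, with no group or other permission bits; otherwise create a fresh, unpredictable mode-0700 directory instead of adopting whatever is already there. The function names and the sandbox built in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path


def basetemp_is_private(path: Path) -> bool:
    """True if `path` is a directory only the current user can use.

    lstat (not stat) so a symlink planted at the predictable name is seen
    as a symlink; then require a real directory, our own uid, and that no
    group/other bits are set (i.e. mode 0700).
    """
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid != os.getuid():
        return False
    return (st.st_mode & 0o077) == 0


def private_basetemp(user: str, tmp_root: str = "/tmp") -> Path:
    """Reuse {tmp_root}/pytest-of-{user} only if it passes the check above.

    Otherwise mkdtemp() creates a new 0700 directory with a random suffix;
    creation is exclusive, so a pre-placed entry cannot be adopted.
    """
    candidate = Path(tmp_root) / f"pytest-of-{user}"
    if basetemp_is_private(candidate):
        return candidate
    return Path(tempfile.mkdtemp(prefix=f"pytest-of-{user}-", dir=tmp_root))


def demo() -> dict:
    """Constructed sandbox standing in for a shared /tmp (hypothetical users)."""
    root = tempfile.mkdtemp(prefix="sandbox-")
    good = Path(root) / "pytest-of-alice"
    good.mkdir(mode=0o700)                      # private: reused as-is
    loose = Path(root) / "pytest-of-bob"
    loose.mkdir(mode=0o700)
    os.chmod(loose, 0o777)                      # world-writable: rejected
    link = Path(root) / "pytest-of-carol"
    link.symlink_to(good)                       # symlink at the name: rejected
    bob_dir = private_basetemp("bob", root)
    return {
        "good_ok": basetemp_is_private(good),
        "loose_ok": basetemp_is_private(loose),
        "link_ok": basetemp_is_private(link),
        "alice_reuses": private_basetemp("alice", root) == good,
        "bob_gets_fresh": bob_dir != loose and basetemp_is_private(bob_dir),
    }
```

The same checks apply to whatever path is handed to `--basetemp` or derived from `TMPDIR`; the page does not state which of these pytest 9.0.3 itself adopted.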
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: cybersecurity, software vulnerability, python, CVE-2025-71176, open source
- **Credibility**: unverified
- **Published**: 2026-04-16 00:22:58
- **ID**: 66481
- **URL**: https://whisperx.ai/en/intel/66481