1. Critical Pip Vulnerability CVE-2025-8869 Exposes Systems to Arbitrary File Write via Malicious Archives
A critical security flaw in Python's ubiquitous package installer, pip, has been disclosed, exposing systems to arbitrary file writes during package extraction. The vulnerability, tracked as CVE-2025-8869, resides in pip's fallback tar archive extraction logic. It fails to properly validate symbolic links when the unde...
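The class of check the paragraph says is missing can be shown with Python's `tarfile` module. This is an added example, not pip's code and not from the original page: it rejects archive members whose path or link target resolves outside the destination directory. The function names, the sample archive and the destination path are constructed for illustration.

```python
import io
import os
import tarfile

def unsafe_members(tar, dest):
    """Return (name, reason) for each member that could write outside dest."""
    dest = os.path.realpath(dest)
    findings = []

    def inside(path):
        return os.path.commonpath([dest, path]) == dest

    for m in tar.getmembers():
        target = os.path.realpath(os.path.join(dest, m.name))
        if not inside(target):
            findings.append((m.name, "member path escapes destination"))
        elif m.issym():
            # A symlink target is relative to the directory holding the link.
            link = os.path.realpath(
                os.path.join(os.path.dirname(target), m.linkname))
            if not inside(link):
                findings.append((m.name, "symlink target escapes destination"))
        elif m.islnk():
            # A hard link target is relative to the archive root.
            link = os.path.realpath(os.path.join(dest, m.linkname))
            if not inside(link):
                findings.append((m.name, "hard link target escapes destination"))
    return findings

def build_sample():
    """Constructed archive: a regular file, a benign link, an escaping link."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"print('hello')\n"
        info = tarfile.TarInfo("pkg/module.py")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        for name, linkname in (("pkg/alias.py", "module.py"),
                               ("pkg/escape", "../../outside.txt")):
            link = tarfile.TarInfo(name)
            link.type = tarfile.SYMTYPE
            link.linkname = linkname
            tar.addfile(link)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    with tarfile.open(fileobj=build_sample()) as tar:
        # Constructed destination path; nothing is extracted.
        for name, reason in unsafe_members(tar, "/tmp/extract-here"):
            print(f"REJECT {name}: {reason}")
```

An installer would refuse the whole archive when the returned list is non-empty, before extracting any member.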