cbcvebase.
CVE-2025-14009
published 2026-02-18


Priority: P2 (64)
CVSS 3.1: 8.8 (high), vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.79% (51.7th percentile)
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, can execute arbitrary code. The vulnerability arises because NLTK assumes all downloaded packages are trusted and extracts them without validation. If a malicious package contains Python files, such as __init__.py, these files are executed automatically upon import, leading to remote code execution. This issue can result in full system compromise, including file system access, network access, and potential persistence mechanisms.
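The path validation the description says `_unzip_iter` lacks, written here as an added example (not NLTK's own code): every entry is audited against the destination before `extractall` runs, and the whole archive is refused if any entry is absolute, contains a `..` component, resolves outside the destination, or is a symlink. The destination path and the archive contents are constructed sample data.

```python
import io
import stat
import zipfile
from pathlib import Path


def entry_problem(dest: Path, name: str) -> str:
    """Why `name` must not be extracted under `dest`, or "" if it is fine.
    Absolute names, drive prefixes and '..' components are rejected outright;
    the fully resolved target must still lie under the resolved `dest`."""
    if not name or name[0] in "/\\" or (len(name) > 1 and name[1] == ":"):
        return "absolute path"
    if ".." in name.replace("\\", "/").split("/"):
        return "path traversal"
    root = dest.resolve()
    target = (root / name).resolve()
    if target != root and root not in target.parents:
        return "escapes destination"
    return ""


def audit_zip(zf: zipfile.ZipFile, dest) -> dict:
    """Map each offending entry to its problem before anything is written; symlink
    entries are refused too, since a link outside `dest` lets a later entry write through it."""
    dest = Path(dest)
    problems = {}
    for info in zf.infolist():
        if stat.S_ISLNK(info.external_attr >> 16):
            problems[info.filename] = "symlink entry"
        elif why := entry_problem(dest, info.filename):
            problems[info.filename] = why
    return problems


def safe_extractall(zf: zipfile.ZipFile, dest) -> None:
    """Fail closed: refuse the whole archive if any entry is unsafe."""
    problems = audit_zip(zf, dest)
    if problems:
        raise ValueError(f"refusing unsafe archive: {problems}")
    zf.extractall(dest)


def build_archive(entries: dict) -> zipfile.ZipFile:
    """Constructed sample data: an in-memory zip with the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as out:
        for name, data in entries.items():
            out.writestr(name, data)
    buf.seek(0)
    return zipfile.ZipFile(buf)
```

Rejecting the archive outright, rather than silently rewriting bad entry names, also gives the detection rules below a clean event to alert on.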

Affected

6 ranges
Vendor  | Product   | Version range           | Fixed in
debian  | nltk      | < nltk 3.9.3-1 (forky)  | nltk 3.9.3-1 (forky)
nltk    | nltk      | < 3.9.3                 | 3.9.3
nltk    | nltk      | >= 0 < 3.9.3-1          | 3.9.3-1
nltk    | nltk      | >= 0 < 3.9.3            | 3.9.3
nltk    | nltk_nltk | unspecified – latest    |
ubuntu  | nltk      |                         |

Detection & IOCs (extracted from sources)

path: nltk/downloader.py
  • Detect Zip Slip exploitation attempts: monitor for zip archive extraction by NLTK (nltk/downloader.py _unzip_iter) that writes files outside the intended extraction directory (path traversal sequences such as '../' in zip entry names).
  • Alert on unexpected creation or overwrite of __init__.py files in NLTK data/package directories following a download/extraction event, as this is the primary RCE trigger mechanism.
  • Monitor file-system write events originating from the NLTK downloader process that land outside expected NLTK data directories — indicative of a Zip Slip path-traversal payload.
  • Flag NLTK installations processing untrusted or externally-sourced zip archives; the vulnerability is only exploitable when NLTK extracts zip packages from untrusted sources.
  • The vulnerability is fixed in NLTK version 3.9.3-1 (Debian forky/sid). Systems running earlier versions remain vulnerable.
  • NLTK assumes all downloaded packages are trusted by design; there is no built-in validation of zip contents prior to extraction, making any deployment that processes externally-sourced packages at risk.
  • Red Hat-specific risk reduction: default authentication requirements lower the exploitability, but affected products (OpenShift Lightspeed, RHOAI) remain listed as affected with no available mitigation meeting Red Hat criteria.

CVSS provenance

  • nvd (v3.1): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • nvd (v3.0): 10.0 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • osv: 10.0 CRITICAL
  • vendor_debian: 10.0 CRITICAL
  • vendor_redhat: 10.0 CRITICAL