Platform: python
Component: nltk
Fixed in: 3.9.3
A critical remote code execution (RCE) vulnerability has been identified in the NLTK (Natural Language Toolkit) downloader component, specifically affecting versions up to 3.9b1. The vulnerability stems from insufficient path validation during the extraction of downloaded zip packages, allowing attackers to inject malicious code. Successful exploitation could lead to complete system compromise. The vulnerability was published on 2026-02-18 and a fix is available in version 3.9.3.
The core issue lies within the _unzip_iter function in nltk/downloader.py, which calls zipfile.extractall() without proper security checks on the archive's contents. An attacker can craft a specially designed zip archive containing malicious Python files, such as __init__.py. When a user downloads and extracts this archive using NLTK, these files are executed automatically as soon as the package is imported, granting the attacker arbitrary code execution. This effectively bypasses standard security measures, because NLTK inherently trusts downloaded packages. The blast radius is significant: any system running a vulnerable version of NLTK and processing downloaded data is potentially affected.
This vulnerability is rated as having a high probability of exploitation because malicious zip files are easy to craft and NLTK is widely used across NLP applications. No public proof-of-concept (PoC) had been released as of the publication date, but the simplicity of the exploit makes it likely that one will emerge. The vulnerability has been added to the CISA KEV catalog, indicating a heightened level of concern. Active exploitation campaigns are not currently confirmed, but the criticality of the vulnerability warrants proactive monitoring and mitigation.
Exploit Status
EPSS: 0.62% (70th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation is to immediately upgrade to NLTK version 3.9.3 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the NLTK downloader and manually verifying the integrity of any downloaded data. Implement strict file integrity checks on all downloaded packages before processing them. While a WAF or proxy cannot directly address this vulnerability, they can be configured to block downloads from untrusted sources. There are no specific Sigma or YARA rules readily available for this vulnerability, but monitoring for unusual Python process execution after NLTK downloads is recommended.
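The two defensive checks described above, path validation of every archive entry before extraction and an integrity check of the downloaded package, shown as an added example. This is not NLTK's own code and does not patch the downloader; it is a stand-alone, fail-closed extractor you could put in front of any zip package you fetch. The expected SHA-256 digest is assumed to come from a manifest you pin yourself (a hypothetical source, not something NLTK publishes), and the two archives built by run_demo() are constructed fixtures, not real NLTK packages.

```python
import hashlib
import hmac
import tempfile
import zipfile
from pathlib import Path, PurePosixPath, PureWindowsPath

# Suffixes a data-only package should never carry: anything Python would
# import or execute. A planted __init__.py in the download root is exactly
# the mechanism the advisory describes.
EXECUTABLE_SUFFIXES = {".py", ".pyw", ".pyc", ".pth"}


def audit_zip_entries(zf: zipfile.ZipFile) -> list[str]:
    """Return human-readable findings for an open archive; [] means clean.

    Checks each entry for absolute paths, '..' traversal components,
    symlink entries, and executable Python content. Unlike a sanitising
    extractor, this function only reports; the caller decides to refuse.
    """
    findings = []
    for info in zf.infolist():
        name = info.filename
        parts = PurePosixPath(name).parts
        if PurePosixPath(name).is_absolute() or PureWindowsPath(name).is_absolute():
            findings.append(f"absolute path: {name}")
        if ".." in parts:
            findings.append(f"path traversal: {name}")
        # Unix mode bits live in the high 16 bits of external_attr; 0o120000 is a symlink.
        if (info.external_attr >> 16) & 0o170000 == 0o120000:
            findings.append(f"symlink entry: {name}")
        if PurePosixPath(name).suffix in EXECUTABLE_SUFFIXES:
            findings.append(f"executable content: {name}")
    return findings


def sha256_of(path: Path) -> str:
    """Streamed SHA-256 of a file, as a lowercase hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_and_extract(zip_path: Path, dest: Path, expected_sha256: str) -> list[str]:
    """Fail closed: extract only if the digest matches and the audit is clean.

    Returns the entry names that were extracted. Raises ValueError otherwise,
    so a tampered or unexpected package never touches the destination.
    """
    actual = sha256_of(zip_path)
    if not hmac.compare_digest(actual, expected_sha256):
        raise ValueError(f"digest mismatch for {zip_path.name}: got {actual}")
    dest = dest.resolve()
    extracted = []
    with zipfile.ZipFile(zip_path) as zf:
        findings = audit_zip_entries(zf)
        if findings:
            raise ValueError("refusing to extract: " + "; ".join(findings))
        for info in zf.infolist():
            # Belt and braces: the audit already rejected traversal, but confirm
            # the resolved target really sits under dest before writing anything.
            target = (dest / info.filename).resolve()
            if target != dest and dest not in target.parents:
                raise ValueError(f"entry escapes destination: {info.filename}")
            zf.extract(info, dest)
            extracted.append(info.filename)
    return extracted


def build_sample_archives(tmpdir: Path) -> tuple[Path, Path]:
    """Constructed fixtures: one clean data package and one tampered package."""
    clean = tmpdir / "clean_corpus.zip"
    with zipfile.ZipFile(clean, "w") as zf:
        zf.writestr("clean_corpus/README", "constructed sample corpus\n")
        zf.writestr("clean_corpus/words.txt", "alpha\nbeta\n")
    tampered = tmpdir / "tampered_corpus.zip"
    with zipfile.ZipFile(tampered, "w") as zf:
        zf.writestr("tampered_corpus/words.txt", "alpha\n")
        zf.writestr("tampered_corpus/__init__.py", "# constructed: would run on import\n")
        zf.writestr("../outside.txt", "constructed: points outside the download root\n")
    return clean, tampered


def run_demo() -> dict:
    """Run both fixtures through the checks and report what happened."""
    result = {}
    with tempfile.TemporaryDirectory() as d:
        tmp = Path(d)
        clean, tampered = build_sample_archives(tmp)
        with zipfile.ZipFile(clean) as zf:
            result["clean_findings"] = audit_zip_entries(zf)
        with zipfile.ZipFile(tampered) as zf:
            result["tampered_findings"] = audit_zip_entries(zf)
        # Pinned digest matches and audit is clean: extraction proceeds.
        result["clean_extracted"] = verify_and_extract(clean, tmp / "out", sha256_of(clean))
        # Correct digest but tampered contents: refused before anything is written.
        try:
            verify_and_extract(tampered, tmp / "out2", sha256_of(tampered))
            result["tampered_refused"] = False
        except ValueError:
            result["tampered_refused"] = True
        # Clean contents but digest does not match the pinned value: refused.
        try:
            verify_and_extract(clean, tmp / "out3", "0" * 64)
            result["bad_digest_refused"] = False
        except ValueError:
            result["bad_digest_refused"] = True
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The audit deliberately reports rather than silently stripping offending components: a package that carries a traversal entry or a stray __init__.py is evidence of tampering and should be rejected and logged, not cleaned up and used. The digest comparison uses hmac.compare_digest so that an attacker who can observe timing learns nothing about the pinned value.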
Update the NLTK library to the latest available version. This fixes the Zip Slip vulnerability. Make sure to validate and sanitize inputs before processing them with NLTK.
CVE-2025-14009 is a critical remote code execution vulnerability in the NLTK downloader component, allowing attackers to execute arbitrary code through malicious zip packages.
You are affected if you are using NLTK versions 3.9b1 or earlier. Upgrade to 3.9.3 or later to mitigate the risk.
Upgrade to NLTK version 3.9.3 or later. If immediate upgrade is not possible, disable the downloader and manually verify downloaded data.
Active exploitation is not currently confirmed, but the vulnerability's criticality warrants proactive monitoring and mitigation.
Refer to the official NLTK security advisory and release notes for detailed information and updates: [https://www.nltk.org/]