修正版
3.9.3
A critical remote code execution (RCE) vulnerability has been identified in the NLTK (Natural Language Toolkit) downloader component, specifically affecting versions up to 3.9b1. The vulnerability stems from insufficient path validation during the extraction of downloaded zip packages, allowing attackers to inject malicious code. Successful exploitation could lead to complete system compromise. The vulnerability was published on 2026-02-18 and a fix is available in version 3.9.3.
The core issue lies within the unzipiter function in nltk/downloader.py, which utilizes zipfile.extractall() without proper security checks. An attacker can craft a specially designed zip archive containing malicious Python files, such as init.py. When a user downloads and extracts this archive using NLTK, these malicious files will be automatically executed upon import, granting the attacker arbitrary code execution privileges. This effectively bypasses standard security measures, as NLTK inherently trusts downloaded packages. The blast radius is significant, potentially impacting any system running vulnerable versions of NLTK and processing downloaded data.
This vulnerability is considered high probability due to the ease of crafting malicious zip files and the widespread use of NLTK in various NLP applications. No public proof-of-concept (PoC) has been released as of the publication date, but the simplicity of the exploit makes it likely that one will emerge. The vulnerability has been added to the CISA KEV catalog, indicating a heightened level of concern. Active exploitation campaigns are not currently confirmed, but the criticality of the vulnerability warrants proactive monitoring and mitigation.
Researchers and developers utilizing NLTK for natural language processing tasks are at significant risk. Specifically, those using older versions of NLTK (≤3.9b1) or those who automatically process downloaded data without proper validation are particularly vulnerable. Shared hosting environments where multiple users may be utilizing NLTK are also at increased risk.
• python / supply-chain:
import os
import zipfile
def check_nltk_download_path(download_dir):
for filename in os.listdir(download_dir):
if filename.endswith('.zip'):
try:
with zipfile.ZipFile(os.path.join(download_dir, filename), 'r') as zip_ref:
for member in zip_ref.infolist():
if not member.filename.startswith('nltk/'):
print(f"Suspicious file found in zip: {member.filename}")
except Exception as e:
print(f"Error processing zip file: {e}")
# Example usage (replace with actual download directory)
nltk_download_dir = '/path/to/nltk/downloads'
check_nltk_download_path(nltk_download_dir)• generic web: Check NLTK download directories for unexpected files or scripts. • generic web: Monitor system logs for unusual Python process execution after NLTK downloads.
disclosure
patch
エクスプロイト状況
EPSS
0.62% (70% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation is to immediately upgrade to NLTK version 3.9.3 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the NLTK downloader and manually verifying the integrity of any downloaded data. Implement strict file integrity checks on all downloaded packages before processing them. While a WAF or proxy cannot directly address this vulnerability, they can be configured to block downloads from untrusted sources. There are no specific Sigma or YARA rules readily available for this vulnerability, but monitoring for unusual Python process execution after NLTK downloads is recommended.
Actualice la biblioteca NLTK a la última versión disponible. Esto solucionará la vulnerabilidad Zip Slip. Asegúrese de validar y desinfectar las entradas antes de procesarlas con NLTK.
脆弱性分析と重要アラートをメールでお届けします。
CVE-2025-14009 is a critical remote code execution vulnerability in the NLTK downloader component, allowing attackers to execute arbitrary code through malicious zip packages.
You are affected if you are using NLTK versions 3.9b1 or earlier. Upgrade to 3.9.3 or later to mitigate the risk.
Upgrade to NLTK version 3.9.3 or later. If immediate upgrade is not possible, disable the downloader and manually verify downloaded data.
Active exploitation is not currently confirmed, but the vulnerability's criticality warrants proactive monitoring and mitigation.
Refer to the official NLTK security advisory and release notes for detailed information and updates: [https://www.nltk.org/]
requirements.txt ファイルをアップロードすると、影響の有無を即座にお知らせします。