rootio-python3.13: Unpatched Python Library Leads to Arbitrary Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

rootio-python3.13: Unpatched Python Library Leads to Arbitrary Code Execution

ROOT-OS-DEBIAN-13-CVE-2025-8291

Summary

A security patch has been released for the rootio-python3.13 package on Debian 13. If left unpatched, a malicious attacker could potentially inject arbitrary code, putting your system at risk. Update to the latest version to ensure you have the latest security fixes.

What to do

Update rootio-python3.13 to version 3.13.5-2.root.io.14.
Update rootio-python3.13 to version 3.13.5-2.root.io.16.

Affected software

Ecosystem	Vendor	Product	Affected versions
Root:Debian:13	–	rootio-python3.13	< 3.13.5-2.root.io.14 < 3.13.5-2.root.io.16 Fix: upgrade to 3.13.5-2.root.io.14

Original title

CVE-2025-8291 in rootio-python3.13 - Patched by Root

Original description

Root has patched CVE-2025-8291 in the rootio-python3.13 package for Root:Debian:13. Multiple fixed versions available.

Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 30 Mar 2026