CVE-2025-13327 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-13327 Interim 1 1 2026-03-05T01:25:18Z current 2026-03-05T01:25:18Z 2026-03-05T01:25:18Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-13327 A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 python-uv python313-uv python313-uv as a component of SUSE Linux Enterprise Server 16.0 python-uv as a component of SUSE Linux Enterprise Server 16.0 python313-uv as a component of SUSE Linux Enterprise Server for SAP applications 16.0 python-uv as a component of SUSE Linux Enterprise Server for SAP applications 16.0 A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package. CVE-2025-13327 important 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H