CVE-2025-68146 [Medium] | Security Vulnerability in Filelock

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with O_TRUNC. An attacker can create a symlink pointing to a victim file in the time gap between the check and open, causing os.open() to follow the symlink and truncate the target file. All users of filelock on Unix, Linux, macOS, and Windows systems are impacted. The vulnerability cascades to dependent libraries. The attack requires local filesystem access and ability to create symlinks (standard user permissions on Unix; Developer Mode on Windows 10+). Exploitation succeeds within 1-3 attempts when lock file paths are predictable. The issue is fixed in version 3.20.1. If immediate upgrade is not possible, use SoftFileLock instead of UnixFileLock/WindowsFileLock (note: different locking semantics, may not be suitable for all use cases); ensure lock file directories have restrictive permissions (chmod 0700) to prevent untrusted users from creating symlinks; and/or monitor lock file directories for suspicious symlinks before running trusted applications. These workarounds provide only partial mitigation. The race condition remains exploitable. Upgrading to version 3.20.1 is strongly recommended.

EDB-ID	Source	Kind	Published	Link
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.01%	0.18%	+0.17%
2	2025-12-17	—	0.01%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

0.01%

0.18%

+0.17%

2025-12-17

—

0.01%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
6.3	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.0	5.2	[email protected]
6.5	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:L) Some sensitive info could get out, but not a total data dump. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.0	5.5	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

6.3

3.1

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

1.0

5.2

[email protected]

6.5

3.1

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:L): Some sensitive info could get out, but not a total data dump.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

1.0

5.5

[email protected]

Weakness enumeration for CVE-2025-68146

OS Trackers for CVE-2025-68146

vendor	priority	summary	link
`alpine`	—	CVE-2025-68146: 1 source package rows (py3-filelock); 6 state rows across 3 repos (3.23-main, edge-community, edge-main); fixed 0, open 6.	https://security.alpinelinux.org/vuln/CVE-2025-68146
`debian`	not yet assigned	CVE-2025-68146 not yet assigned priority: Debian including 1 source packages (python-filelock), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 3, open 2.	https://security-tracker.debian.org/tracker/CVE-2025-68146
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2025-68146
`suse`	medium	CVE-2025-68146 severity moderate: SUSE including 24 source package names (2.1.3-5.8:e2fsprogs-1.47.0-3.1, 2.1.3-5.8:libcom_err2-1.47.0-3.1, …), 75 product×package rows across 43 product lines (Container suse/multi-linux-manager/5.1/x86_64/server, Container suse/sl-micro/6.0/baremetal-os-container, … (43 product lines)): Fixed 74, First Fixed 1.	https://www.suse.com/security/cve/CVE-2025-68146/
`ubuntu`	medium	CVE-2025-68146 medium priority: Ubuntu including 1 source packages (python-filelock), 7 status rows across 7 suites (bionic, focal, jammy, noble, plucky, questing, upstream): released 4, ignored 1, needed 1, needs-triage 1.	https://ubuntu.com/security/CVE-2025-68146

Affected software / configurations for CVE-2025-68146

Vendor	Product	Version	Raw CPE
tox-dev	filelock	< 3.20.1	cpe:2.3:a:tox-dev:filelock::::::python::*

References for CVE-2025-68146

URL	Tags
https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e	Patch
https://github.com/tox-dev/filelock/pull/461	Issue Tracking Patch
https://github.com/tox-dev/filelock/releases/tag/3.20.1	Product Release Notes
https://github.com/tox-dev/filelock/security/advisories/GHSA-w853-jp5j-5j7f	Exploit Mitigation Vendor Advisory

URL

CVE-2025-68146 | filelock has TOCTOU race condition that allows symlink attacks during lock file creation

Public exploit references (Exploit-DB) for CVE-2025-68146

Exploit prediction scoring system (EPSS) score for CVE-2025-68146

Common vulnerability scoring system (CVSS) metrics for CVE-2025-68146

Weakness enumeration for CVE-2025-68146

GitHub Security Advisory for CVE-2025-68146

OS Trackers for CVE-2025-68146

Affected software / configurations for CVE-2025-68146

References for CVE-2025-68146