The following vulnerability was published for setuptools.
CVE-2025-47273[0]:
| setuptools is a package that allows users to download, build,
| install, upgrade, and uninstall Python packages. A path traversal
| vulnerability in `PackageIndex` is present in setuptools prior to
| version 78.1.1. An attacker would be allowed to write files to
| arbitrary locations on the filesystem with the permissions of the
| process running the Python code, which could escalate to remote code
| execution depending on the context. Version 78.1.1 fixes the issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
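
A way to check which setuptools copies visible to a given Python interpreter predate 78.1.1. This is an added example, not code from setuptools or from this report. The function names are hypothetical, and the check compares upstream version numbers only, so a distribution package carrying a backported fix will still be reported under its older version number.

```python
import re
from importlib import metadata

FIXED = (78, 1, 1)  # first fixed upstream release, per the advisory text above
_VERSION = re.compile(r"^v?(\d+(?:\.\d+)*)(.*)$")
# Suffixes that mark a pre-release or dev build, which sorts before the final release.
_PRE = re.compile(r"^[._-]?(?:a|b|c|rc|alpha|beta|pre|preview|dev)\d*", re.I)


def release_tuple(version):
    """Return (release numbers without trailing zeros, is_prerelease)."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # 78.1.0 == 78.1
        parts.pop()
    return tuple(parts), bool(_PRE.match(m.group(2)))


def is_affected(version):
    """True if `version` sorts before the fixed release 78.1.1."""
    release, is_pre = release_tuple(version)
    return release < FIXED or (release == FIXED and is_pre)


def installed_setuptools():
    """List (version, location, affected) for each setuptools on sys.path."""
    found = []
    for dist in metadata.distributions():
        name = dist.metadata.get("Name") or ""
        if name.lower() == "setuptools":
            location = str(dist.locate_file(""))
            found.append((dist.version, location, is_affected(dist.version)))
    return found


if __name__ == "__main__":
    for version, location, affected in installed_setuptools():
        state = "AFFECTED (< 78.1.1)" if affected else "fixed upstream"
        print(f"setuptools {version} at {location}: {state}")
```

Run it once per interpreter or virtual environment, since each has its own search path.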