Critical NLTK Vulnerability in Multiple Ubuntu Releases

Severity: High (Score: 69.9)

Sources: Ubuntu, Linuxsecurity

Summary

A critical security vulnerability has been identified in the Natural Language Toolkit (NLTK) affecting multiple Ubuntu LTS releases, including 24.04, 22.04, 20.04, 18.04, 16.04, and 14.04. The flaw allows an attacker to exploit the improper handling of file extraction when opening a specially crafted zip file, potentially leading to system crashes or arbitrary code execution. This vulnerability, cataloged as CVE-2025-14009, was published on February 18, 2026. Users are advised to update their systems to the latest package versions to mitigate the risk. The issue is particularly concerning as it affects a wide range of supported Ubuntu versions, increasing the potential attack surface. Ubuntu Pro users are eligible for extended security maintenance. Standard system updates are recommended to apply the necessary patches. Key Points: • CVE-2025-14009 affects multiple Ubuntu LTS releases from 14.04 to 24.04. • Exploitation could allow attackers to execute arbitrary code via malicious zip files. • Users should update to the latest NLTK package versions to mitigate the vulnerability.

Key Entities

• CVE-2025-14009 (cve)
• NLTK (platform)
• Ubuntu Pro (platform)
• Ubuntu (company)