diff --git a/pyproject.toml b/pyproject.toml
index 0a905115..0a23dce5 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -76,13 +76,13 @@ testing = [
   # test suite
   # TODO: maybe some of these layout choices?
   # https://docs.pytest.org/en/8.0.x/explanation/goodpractices.html#choosing-a-test-layout-import-rules
-  # bumped 8.3.5 → 9.0 per upstream security advisory + our
+  # bumped 8.3.5 → 9.0.3 per upstream security advisory + our
   # local-only reliance on the post-9.0 capture-machinery shape
   # (the `sys.__stderr__`-bypass print in
   # `tractor._testing.trace._do_capture_snapshot` works on 8.x
   # too, but standardizing on 9.x here ensures `--show-capture`
   # interactions stay predictable across dev installs).
-  "pytest>=9.0",
+  "pytest>=9.0.3",  # CVE-2025-71176 (insecure tmpdir) patched in 9.0.3
   "pexpect>=4.9.0,<5",
 ]
 repl = [
diff --git a/uv.lock b/uv.lock
index 2e1e7d2c..27511f7f 100644
--- a/uv.lock
+++ b/uv.lock
@@ -726,7 +726,7 @@ dev = [
     { name = "prompt-toolkit", specifier = ">=3.0.50" },
     { name = "psutil", specifier = ">=7.0.0" },
     { name = "pyperclip", specifier = ">=1.9.0" },
-    { name = "pytest", specifier = ">=9.0" },
+    { name = "pytest", specifier = ">=9.0.3" },
     { name = "stackscope", specifier = ">=0.2.2,<0.3" },
     { name = "typing-extensions", specifier = ">=4.14.1" },
     { name = "xonsh", specifier = ">=0.23.0" },
@@ -747,7 +747,7 @@ subints = [{ name = "msgspec", marker = "python_full_version >= '3.14'", specifi
 sync-pause = [{ name = "greenback", marker = "python_full_version == '3.13.*'", specifier = ">=1.2.1,<2" }]
 testing = [
     { name = "pexpect", specifier = ">=4.9.0,<5" },
-    { name = "pytest", specifier = ">=9.0" },
+    { name = "pytest", specifier = ">=9.0.3" },
 ]
 
 [[package]]