exploitDog

CVE-2025-67818

Опубликовано: 12 дек. 2025

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root when a backup is restored, potentially creating or overwriting files in arbitrary locations within the application's privilege scope.

Ссылки

https://github.com/weaviate/weaviate
Product
https://weaviate.io/blog/weaviate-security-release-november-2025
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:weaviate:weaviate:*:*:*:*:*:*:*:*

Версия до 1.33.4 (исключая)

EPSS

Процентиль: 53%

0.00304

Низкий

7.2 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-7v39-2hx7-7c43

github

около 2 месяцев назад

Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip

EPSS

Процентиль: 53%

0.00304

Низкий

7.2 High

CVSS3

Дефекты

CWE-22