CVE-2025-8406
6.3
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses is_path_within_directory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| zenml-io | zenml-io/zenml | unspecified < 0.84.2 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
- https://huntr.com/bounties/a0880d64-9928-45bf-9663-2cd81582d9e7
- https://github.com/zenml-io/zenml/commit/5d22a48d7bf6c7f10b748577c2be79cc7969d398
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.