CVE ID : CVE-2025-8406
Published : Oct. 5, 2025, 9:15 a.m. | 1 hour, 15 minutes ago
Description : ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten.
Severity: 6.3 | MEDIUM
Published : Oct. 5, 2025, 9:15 a.m. | 1 hour, 15 minutes ago
Description : ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten.
Severity: 6.3 | MEDIUM
Post a Comment