High Published: Dec 12, 2025 Modified: Dec 12, 2025

CVE-2025-67818

7.2 CVSS Score High

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Export:

Link copied!

Description

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root when a backup is restored, potentially creating or overwriting files in arbitrary locations within the application's privilege scope.

CVSS Vector Details

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Weaknesses (CWE)

CWE-22

References & External Links

https://github.com/weaviate/weaviate
https://weaviate.io/blog/weaviate-security-release-november-2025

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker