Medium Published: Dec 12, 2025 Modified: Dec 12, 2025

CVE-2025-67819

4.9 CVSS Score Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Description

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files accessible to the service process.
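The missing check described above, as an added Go example (not Weaviate's code and not its fix): a client-supplied `fileName` is resolved against a shard directory and rejected if the result leaves that directory. The names `naiveJoin`, `resolveShardFile`, `errOutsideRoot` and the path `/data/shard0` are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var errOutsideRoot = errors.New("fileName resolves outside the shard root")

// naiveJoin is the unvalidated pattern: Join cleans "..", it does not confine.
func naiveJoin(shardRoot, fileName string) string {
	return filepath.Join(shardRoot, fileName)
}

// resolveShardFile (hypothetical helper) maps a client-supplied fileName onto
// shardRoot and returns an error if the cleaned path is not strictly inside it.
func resolveShardFile(shardRoot, fileName string) (string, error) {
	if fileName == "" || strings.ContainsRune(fileName, 0) {
		return "", errors.New("empty or malformed fileName")
	}
	if filepath.IsAbs(fileName) {
		return "", errOutsideRoot
	}
	root := filepath.Clean(shardRoot)
	full := filepath.Join(root, fileName)
	// Rel expresses full relative to root; a leading ".." means it escaped.
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutsideRoot
	}
	if rel == "." {
		return "", errors.New("fileName names the shard root itself")
	}
	return full, nil
}

func main() {
	root := "/data/shard0" // constructed sample path
	for _, name := range []string{"lsm/segment-1.db", "../../etc/passwd", "/etc/passwd"} {
		p, err := resolveShardFile(root, name)
		fmt.Printf("%-20q naive=%q checked=%q err=%v\n", name, naiveJoin(root, name), p, err)
	}
}
```

The check is lexical only: a symlink inside the shard directory that points elsewhere still has to be handled separately, for example by comparing `filepath.EvalSymlinks` output against the root before opening the file.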

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Weaknesses (CWE)

  • CWE-22