CVE-2025-8406
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-8406
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8406.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-8406
- Aliases
- Published
- 2025-10-05T09:15:31Z
- Modified
- 2025-11-01T06:21:48.447108Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
ZenML version 0.83.1 is affected by a path traversal vulnerability in the
PathMaterializerclass. Theloadfunction usesis_path_within_directoryto validate files duringdata.tar.gzextraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten. - References
Affected packages
Git / github.com/zenml-io/zenml
Affected ranges
- Type
- GIT
- Repo
- https://github.com/zenml-io/zenml
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.3rc0
0.1.4
0.1.5
0.10.0
0.11.0
0.12.0
0.13.0
0.13.1
0.13.2
0.2.0
0.2.0rc1
0.2.0rc2
0.20.3
0.20.5
0.21.0
0.21.1
0.22.0
0.23.0
0.3.0
0.3.1
0.3.1rc0
0.3.2
0.3.3
0.3.3rc0
0.3.4
0.3.4rc0
0.3.5
0.3.5rc0
0.3.6
0.3.6.1
0.3.6rc0
0.3.7
0.3.7.1rc0
0.3.7.1rc1
0.3.7.1rc2
0.3.7.1rc3
0.3.7.1rc4
0.3.7.1rc5
0.3.7rc0
0.3.8
0.3.9rc1
0.3.9rc2
0.30.0
0.31.0
0.31.1
0.32.0
0.32.1
0.33.0
0.34.0
0.35.0
0.35.1
0.36.1
0.37.0
0.38.0
0.39.0
0.39.1
0.40.0
0.40.1
0.40.2
0.41.0
0.42.0
0.43.0
0.44.0
0.44.1
0.44.2
0.44.3
0.45.0
0.45.1
0.45.2
0.45.3
0.45.4
0.45.5
0.45.6
0.46.1
0.47.0
0.5.0
0.5.0rc1
0.5.0rc2
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.54.0
0.54.1
0.55.0
0.55.1
0.55.2
0.55.4
0.55.5
0.56.0
0.56.1
0.56.2
0.56.4
0.57.0
0.57.0rc1
0.57.0rc2
0.57.1
0.58.0
0.58.1
0.58.2
0.6.0
0.6.1
0.6.2
0.6.3
0.60.0
0.62.0
0.63.0
0.64.0
0.65.0
0.66.0
0.67.0
0.68.0
0.7.0
0.7.1
0.70.0
0.71.0
0.72.0
0.73.0
0.74.0
0.75.0
0.8.1
0.8.1rc0
0.80.0
0.80.1
0.80.2
0.81.0
0.82.0
0.82.1
0.83.0
0.83.1
0.84.0
0.84.1
0.9.0