CVE-2025-67818
PUBLISHED
CVSS 7.2 HIGH
An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root when a backup is restored, potentially creating or overwriting files in arbitrary locations within the application's privilege scope.
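As an added defensive example (not Weaviate's own code and not taken from the linked fix commits), the containment check a restore routine needs for the entry names described above: every untrusted name from the backup manifest is joined onto the restore root and refused if it resolves outside that root, whether through an absolute path or through `..` segments. The root path, the manifest entries and the function names `SafeRestorePath` and `CheckManifest` are constructed for illustration. The check is purely lexical; symlinks already present under the restore root would need a separate check.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesRoot is returned when an entry name would resolve outside the restore root.
var ErrEscapesRoot = errors.New("backup entry escapes restore root")

// SafeRestorePath maps an untrusted entry name from a backup manifest onto a
// path under restoreRoot. It rejects empty and absolute names and names whose
// ".." segments climb above the root. (Hypothetical helper written for this page.)
func SafeRestorePath(restoreRoot, entryName string) (string, error) {
	if entryName == "" || filepath.IsAbs(entryName) {
		return "", ErrEscapesRoot
	}
	root := filepath.Clean(restoreRoot)
	// Join runs Clean, so "a/../b" collapses to "b" inside the root, while any
	// climb above the root shows up in the relative path as a leading "..".
	target := filepath.Join(root, entryName)
	rel, err := filepath.Rel(root, target)
	if err != nil {
		return "", err
	}
	// "." would mean the entry is the root directory itself, which is never a
	// valid file target for a restore.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesRoot
	}
	return target, nil
}

// CheckManifest partitions a manifest's entry names into those that may be
// written under root and those that must be refused (and logged) instead.
func CheckManifest(root string, names []string) (accepted, rejected []string) {
	for _, n := range names {
		if _, err := SafeRestorePath(root, n); err != nil {
			rejected = append(rejected, n)
			continue
		}
		accepted = append(accepted, n)
	}
	return accepted, rejected
}

func main() {
	root := "/var/lib/weaviate/restore" // constructed example root
	// Constructed manifest: two ordinary entries and three that try to escape.
	manifest := []string{
		"Article/segment-1.db",
		"Article/../Author/segment-2.db",
		"/etc/example.conf",
		"../../../etc/example.conf",
		"..",
	}
	ok, bad := CheckManifest(root, manifest)
	fmt.Println("accepted:", ok)
	fmt.Println("rejected:", bad)
}
```

Rejected entries should fail the whole restore rather than be silently skipped, so that a tampered backup is noticed instead of partially applied.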
EPSS 0.21% · 43.8th percentile
Risk Scores
CVSS v3.1
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.21%
43.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| weaviate | weaviate | 0 |
| github.com | weaviate/weaviate | 1.31.0-rc.0, 1.32.0-rc.0, 1.33.0-rc.0 |
Timeline
- Dec 12, 2025 CVE Published
- Dec 12, 2025 PoC Published
- Dec 13, 2025 EPSS Score
- Dec 17, 2025 EPSS Score
- Dec 18, 2025 CVE Updated
- Dec 21, 2025 EPSS Score
- Dec 25, 2025 EPSS Score
- Dec 29, 2025 EPSS Score
- Jan 2, 2026 EPSS Score
- Jan 6, 2026 EPSS Score
- Jan 10, 2026 EPSS Score
- Jan 14, 2026 EPSS Score
References
- https://github.com/weaviate/weaviate url
- https://weaviate.io/blog/weaviate-security-release-november-2025 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-67818 advisory
- https://github.com/weaviate/weaviate/commit/169df2dc92bc232df62e8fab0a20db2e5371f7aa url
- https://github.com/weaviate/weaviate/commit/89c2270869e6d64f5b5276b8626c11cd816c6665 url
- https://github.com/advisories/GHSA-7v39-2hx7-7c43 advisory