CVE-2025-8917
NONE EPSS 18.5%
Published Oct 5, 20258mo ago · Modified Jun 17, 20261w ago
Published Oct 5, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago
Description
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files are overwritten.
Threat Intelligence
EPSS Exploit Probability
18.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
References 2
- github.com https://github.com/allegroai/clearml/commit/64fb2bcbdbb87a74af90dd723d5ef4a99fceeb73
- huntr.com https://huntr.com/bounties/588fcdd1-fea4-4cc2-a9f8-851701dcb576
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.