CVE-2025-8917

NONE EPSS 18.5%
Published Oct 5, 20258mo ago · Modified Jun 17, 20261w ago
Find Similar
Published Oct 5, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files are overwritten.

Threat Intelligence

EPSS Exploit Probability
18.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

References 2

  • github.com https://github.com/allegroai/clearml/commit/64fb2bcbdbb87a74af90dd723d5ef4a99fceeb73
  • huntr.com https://huntr.com/bounties/588fcdd1-fea4-4cc2-a9f8-851701dcb576

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.