CNNVD-202507-2900 Information
CNNVD ID
CNNVD-202507-2900
Related CVE
- CNNVD Published: 2025-07-22
Description
ONNX (Open Neural Network Exchange) is an open standard for machine learning interoperability, open-sourced by ONNX. ONNX version 1.17.0 contains a security vulnerability that stems from a path traversal flaw in onnx.external_data_helper.save_external_data, which may allow arbitrary files to be overwritten.
Hazard Level
Medium
Vulnerability Type
Path traversal
Affected Vendor
ONNX
Published
2025-07-22
Last Modified
2026-02-24
References
https://github.com/advisories/GHSA-6rq9-53c3-f7vj
https://github.com/onnx/onnx
https://github.com/onnx/onnx/pull/7040
https://github.com/onnx/onnx/pull/6959
https://www.gecko.security/blog/cve-2025-51480
https://nvd.nist.gov/vuln/detail/CVE-2025-51480
Patch
https://github.com/onnx/onnx/releases