CNNVD-202509-3584 Information
Sep 22, 2025
cve
CNNVD ID
CNNVD-202509-3584
Related CVE
- CNNVD Published: 2025-09-22
Description (Chinese)
txtai是NeuML开源的一个AI框架。 txtai存在安全漏洞,该漏洞源于未正确处理压缩tar文件中的符号链接,可能导致任意文件写入。
Description (English)
txtai is an AI framework for NeuML open source. There is a security loophole in txtai, which results from the incorrect processing of symbolic links in compressed tar files, which may lead to the writing of any document.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Newland
Published
2025-09-22
Last Modified
2026-02-24
References
https://github.com/neuml/txtai/issues/965 https://research.jfrog.com/vulnerabilities/txtai-arbitrary-file-write-jfsa-2025-001471363/
Patch
https://neuml.github.io/txtai/
Share on: