CNNVD-202509-3978 Information

CNNVD ID

CNNVD-202509-3978

Related CVE

CVE-2025-10951

• CNNVD Published: 2025-09-25

Description (Chinese)

ML-Logger是Ge Yang个人开发者的一个用于机器学习项目的记录器、服务器和可视化仪表板。 ML-Logger acf255bade5be6ad88d90735c8367b28cbe3a743及之前版本存在路径遍历漏洞，该漏洞源于文件ml_logger/server.py中log_handler函数对参数File的错误操作，可能导致路径遍历攻击。

Description (English)

ML-Logger is a recorder, server and visualizer for a machine learning project by Ge Yang Personal Developer. ML-Logger acf255bade5be6ad88d9035C8367b28cber3a743 and previous versions have path-to-path loopholes that stem from the error of the log handler function in document ml logger/server.py on parameter File, which may lead to a path-to-path attack.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

LitexMedia

Published

2025-09-25

Last Modified

2026-02-24

References

https://github.com/geyang/ml-logger/issues/73 https://vuldb.com/?ctiid.325821 https://vuldb.com/?id.325821 https://vuldb.com/?submit.652462