CNNVD-202510-736 Information

CNNVD ID

CNNVD-202510-736

CVE-2025-8917

  • CNNVD Published: 2025-10-05

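Description (translated from Chinese)

clearml is a large-model pipeline tool from allegroai, an individual developer. clearml v2.0.1 contains a security vulnerability that stems from the safe_extract function's improper handling of symbolic links and hard links, which may lead to arbitrary file write and remote code execution.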

Description (English)

ClearML is a large-model pipeline tool from the individual developer allegroai. ClearML v2.0.1 contains a security vulnerability caused by the safe_extract function's improper handling of symbolic links and hard links, which may lead to arbitrary file write and remote code execution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-10-05

Last Modified

2026-02-24

References

https://github.com/allegroai/clearml/commit/64fb2bcbdbb87a74af90dd723d5ef4a99fceeb73

https://huntr.com/bounties/588fcdd1-fea4-4cc2-a9f8-851701dcb576

Patch

https://github.com/clearml/clearml/releases
